First published: Thu Aug 31 2017(Updated: )
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Openstack Designate | =1.0.0.0b1 | |
Openstack Designate | =1.0.0a0 | |
Openstack Designate | =2015.1.0 | |
pip/designate | =2015.1.0b2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.