Bug 1245241 (CVE-2015-5694, CVE-2015-5695) - CVE-2015-5695 openstack-designate: Infinite loop with large resource record sets
Summary: CVE-2015-5695 openstack-designate: Infinite loop with large resource record sets
Alias: CVE-2015-5694, CVE-2015-5695
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=low,public=20150728,reported=2...
Keywords: Security
Depends On: 1236014 1247952
Blocks: 1228320 1245254
TreeView+ depends on / blocked
Reported: 2015-07-21 14:31 UTC by Florian Weimer
Modified: 2019-06-08 20:40 UTC (History)
22 users (show)

Clone Of:
Last Closed: 2016-06-06 06:22:19 UTC

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1471161 None None None Never

Description Florian Weimer 2015-07-21 14:31:27 UTC
It was discovered that the Designate component in OpenStack would enter
an infinite loop when processing an internal zone file transfer if a
managed DNS zone included a resource record set whose size exceeded the
limitations of the DNS protocol, leading to a denial of service.  Only
authenticated users with access to the Designate component can add such
resource record sets.


This issue was discovered by Florian Weimer of Red Hat Product Security.

Comment 1 Martin Prpič 2015-07-29 10:33:40 UTC
Public via:


Comment 3 Martin Prpič 2015-07-29 10:37:34 UTC
Created openstack-designate tracking bugs for this issue:

Affects: openstack-rdo [bug 1247952]

Note You need to log in before you can comment on or make changes to this bug.