CVE-2015-5695: Designate mDNS DoS through incorrect handling of large RecordSets
CVSS Score: 6.5 (CVSS 3.0)
Basic Information
CVE ID: CVE-2015-5695
GHSA ID
EPSS Score: 0.84471%
CWE
Published: 5/17/2022
Updated: 11/26/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
designate | pip | = 2015.1.0b2 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from two issues: (1) the mDNS handler's infinite loop when processing oversized RRSets (traced to _handle_axfr), and (2) missing quota enforcement in the central service. The patches explicitly modify _enforce_recordset_quota and _enforce_record_quota to add quota checks, confirming their role. The _handle_axfr method's loop logic (as described in bug reports and commit diffs) directly causes the DoS when quotas are bypassed.
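The two failure points described above, as an added example: a simplified model written for this page, not Designate's code. The function names, the size model, the quota value used in testing and the sample data are all assumptions made for illustration. It shows a flush-and-retry packing loop that never advances on an RRSet larger than one DNS message, next to a version that rejects such an RRSet, plus a write-time quota check.

```python
MAX_MSG = 65535  # largest DNS message over TCP (16-bit length prefix)

class OverQuota(Exception):
    pass

class RRSetTooLarge(Exception):
    pass

def enforce_record_quota(records, quota):
    """Write-time check (hypothetical): refuse a RecordSet over its record quota."""
    if len(records) > quota:
        raise OverQuota(f"{len(records)} records exceeds quota of {quota}")

def wire_size(records):
    # Constructed size model: rdata bytes plus 10 bytes of fixed RR header
    # (type, class, TTL, rdlength) per record; owner name is ignored.
    return sum(len(r) + 10 for r in records)

def pack_naive(rrsets, max_size=MAX_MSG, max_passes=1000):
    """Flush-and-retry packing with no progress check. Returns None when
    still spinning after max_passes (stand-in for 'never returns')."""
    messages, current, used, i = [], [], 0, 0
    for _ in range(max_passes):
        if i == len(rrsets):
            return messages + ([current] if current else [])
        name, records = rrsets[i]
        size = wire_size(records)
        if used + size > max_size:
            messages.append(current)   # flush, then retry the same RRSet
            current, used = [], 0
            continue
        current.append(name)
        used += size
        i += 1
    return None

def pack_checked(rrsets, max_size=MAX_MSG):
    """Same packing, but an RRSet that can never fit is rejected up front."""
    for name, records in rrsets:
        if wire_size(records) > max_size:
            raise RRSetTooLarge(name)
    # Each pass now consumes an RRSet or flushes once before consuming it.
    return pack_naive(rrsets, max_size, max_passes=2 * len(rrsets) + 1)

# Constructed sample data: two small RRSets and one 70000-byte RRSet.
SMALL = [("a.example.", [b"\x01" * 4] * 10), ("b.example.", [b"\x02" * 4] * 10)]
BIG = [("big.example.", [b"\x03" * 4] * 5000)]
```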