{"id":"CVE-2016-5426","details":"PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.","modified":"2026-04-11T04:02:18.370013Z","published":"2016-09-21T14:25:14.487Z","related":["MGASA-2016-0324"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/92917"},{"type":"WEB","url":"http://www.securitytracker.com/id/1036761"},{"type":"ADVISORY","url":"https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3664"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/09/09/3"},{"type":"FIX","url":"https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/powerdns/pdns","events":[{"introduced":"0"},{"last_affected":"1ede91046e418e74dda47bee277feb17859b89da"},{"fixed":"881b5b03a590198d03008e4200dd00cc537712f3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.9"}]}}],"versions":["auth-3.1-rc1","auth-3.1-rc2","auth-3.1-rc3","auth-3.2-rc1","auth-3.2-rc2","auth-3.2-rc3","auth-3.2-rc4","auth-3.4.0","auth-3.4.0-rc1","auth-3.4.0-rc2","auth-3.4.1","auth-3.4.2","auth-3.4.3","auth-3.4.4","auth-3.4.5","auth-3.4.6","auth-3.4.7","auth-3.4.8","auth-3.4.9","rec-3-0","rec-3-0-1","rec-3.0","rec-3.0.1","rec-3.1.4","rec-3.3.1","rec-3.5","rec-3.5-rc1","rec-3.5-rc3","rec-3.5-rc4","rec-3.5-rc5","rec-3.6.0"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["335073009223727141442546823773627607245","3325063803919662370807815705681621301","65566741844457745540789393961208334976","214802017751245620480022513796026227278"]},"deprecated":false,"target":{"file":"pdns/dnsparser.hh"},"signature_type":"Line","source":"https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3","id":"CVE-2016-5426-20984c56","signature_version":"v1"},{"digest":{"function_hash":"272098364120668738828264363336242645641","length":328},"deprecated":false,"target":{"file":"pdns/misc.cc","function":"chopOff"},"signature_type":"Function","source":"https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3","id":"CVE-2016-5426-2d379901","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["323778131826227137046733885077490639136","240445538914645076535977674075035909806","283520274824191313494879770423235872527","53325220884174924959903238627933421749","224421520498247737712322729298499572388","93818216059961495475847147166659679151","6861711156456960504034447273136901951","317208339759658381996075765955364396799","253423114992532614861981627913615465549","307555942684889802314558013562569018113","158795892569270529885923505314648870425","164183774241103682164887089537365760511","273595359538434688439511303466560191615","209004289468925949192202308382117884575","219640445849104293661265381556335644794","167739300652219471366787208970070966327","105861474666818595362880159779047064133","234629022298806735223125698169096913745","277411381474638480386129624368964150883","38244472512904287657046946269019637770","113881175921520652762034040417574155137","7663497596635311250949750754532429116"]},"deprecated":false,"target":{"file":"pdns/dnsparser.cc"},"signature_type":"Line","source":"https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3","id":"CVE-2016-5426-86a2e31d","signature_version":"v1"},{"digest":{"function_hash":"119830926157982529327753721699322374384","length":430},"deprecated":false,"target":{"file":"pdns/misc.cc","function":"chopOffDotted"},"signature_type":"Function","source":"https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3","id":"CVE-2016-5426-9116589e","signature_version":"v1"},{"digest":{"function_hash":"201494151425687124566229460532178142136","length":157},"deprecated":false,"target":{"file":"pdns/dnsparser.cc","function":"PacketReader::getLabel"},"signature_type":"Function","source":"https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3","id":"CVE-2016-5426-944c9226","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["181632328344395220377559472030462807540","236987670225606885321027315954694042180","129809260883687853675743250620761616960","280303859564270144192609114135470779492","211610218258821069505962204602074386266","183715558143582153046772273329532446919","73567258661609742843166467859579400105","76419677890623618479137435553503771143","75275836938457648641807021376571378803","97853206121996420844189532501138666074","150042922336362238403737705726299700457","320528092379479898763862348487686027264","149885393657184090717334775657689669797","283952187599417710362975471129640852815","93770744145712523750298104897171318374","16303369545357969644039883735816223304","172255641570987239549280883768092565577","84103177289257808400351996336977030524","73928659265986391659906095573856595624","222618908864331382869796708820327693120","73567258661609742843166467859579400105","76419677890623618479137435553503771143","75275836938457648641807021376571378803","97853206121996420844189532501138666074","150042922336362238403737705726299700457","221063562770856429103065150410274246939","261907972103596152924252597753051569543"]},"deprecated":false,"target":{"file":"pdns/misc.cc"},"signature_type":"Line","source":"https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3","id":"CVE-2016-5426-976374fe","signature_version":"v1"},{"digest":{"function_hash":"58758631302416552483714960344531181482","length":1167},"deprecated":false,"target":{"file":"pdns/dnsparser.cc","function":"PacketReader::getLabelFromContent"},"signature_type":"Function","source":"https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3","id":"CVE-2016-5426-ea933828","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T04:02:18Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5426.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}