{"id":"CVE-2018-16855","details":"An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.","modified":"2026-03-14T09:28:15.609402Z","published":"2018-12-03T14:29:00.257Z","related":["MGASA-2019-0009","openSUSE-SU-2018:4062-1","openSUSE-SU-2018:4177-1","openSUSE-SU-2024:11157-1"],"references":[{"type":"ADVISORY","url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/powerdns/pdns","events":[{"introduced":"0"},{"fixed":"e412a949491886c13854587bbd06fa90ceb3a326"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.1.8"}]}}],"versions":["auth-3.1-rc1","auth-3.1-rc2","auth-3.1-rc3","auth-3.2-rc1","auth-3.2-rc2","auth-3.2-rc3","auth-3.2-rc4","auth-3.3","auth-3.3-rc1","auth-3.3-rc2","auth-3.4.0","auth-3.4.0-rc1","auth-3.4.0-rc2","auth-4.0.0","auth-4.0.0-alpha1","auth-4.0.0-alpha2","auth-4.0.0-alpha3","auth-4.0.0-beta1","auth-4.0.0-rc1","auth-4.0.0-rc2","auth-4.0.1","auth-4.1.0","auth-4.1.0-rc1","auth-4.1.0-rc2","auth-4.1.0-rc3","dnsdist-1.0.0","dnsdist-1.0.0-alpha1","dnsdist-1.0.0-alpha2","dnsdist-1.0.0-beta1","dnsdist-1.1.0","dnsdist-1.1.0-beta1","dnsdist-1.1.0-beta2","dnsdist-1.2.0","rec-3-0","rec-3-0-1","rec-3.0","rec-3.0.1","rec-3.1.4","rec-3.3.1","rec-3.5","rec-3.5-rc1","rec-3.5-rc3","rec-3.5-rc4","rec-3.5-rc5","rec-3.6.0","rec-3.6.0-rc1","rec-3.7.0","rec-3.7.0-rc1","rec-3.7.0-rc2","rec-4.0.0","rec-4.0.0-alpha1","rec-4.0.0-alpha2","rec-4.0.0-alpha3","rec-4.0.0-beta1","rec-4.0.0-rc1","rec-4.0.1","rec-4.0.2","rec-4.1.0","rec-4.1.0-alpha1","rec-4.1.0-rc1","rec-4.1.0-rc2","rec-4.1.0-rc3","rec-4.1.1","rec-4.1.2","rec-4.1.3","rec-4.1.4","rec-4.1.5","rec-4.1.6","rec-4.1.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16855.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}