PT-2018-4901 · Powerdns+1 · Powerdns Authoritative Server+1

Mathieu Lafon

Publicado

2017-01-13

Atualizado

2024-06-15

CVE-2016-2120

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions PowerDNS Authoritative Server versions up to and including 4.0.1 PowerDNS Authoritative Server versions up to and including 3.4.10

Description The issue allows an authorized user to crash the server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record. This is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.

Recommendations For PowerDNS Authoritative Server versions up to and including 3.4.10, update to a version later than 3.4.10 to resolve the issue. For PowerDNS Authoritative Server versions up to and including 4.0.1, update to a version later than 4.0.1 to resolve the issue.

Correção

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2017-1425

CVE-2016-2120

DLA-798-1

DSA-3764-1

MGASA-2017-0033

OPENSUSE-SU-2024:11156-1

OPENSUSE-SU-2024:11157-1

Produtos afetados

Alt Linux

Powerdns Authoritative Server

PT-2018-4901 · Powerdns+1 · Powerdns Authoritative Server+1

CVE-2016-2120

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 62