PowerDNS · PowerDNS Authoritative Server · CVE-2016-2120
**Name of the Vulnerable Software and Affected Versions**
PowerDNS Authoritative Server versions up to and including 4.0.1
PowerDNS Authoritative Server versions up to and including 3.4.10
**Description**
The issue allows an authorized user to crash the server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record. This is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
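The bug class described above, shown as an added illustration that is not PowerDNS code: a size check whose sum wraps, next to an overflow-safe form and a copy helper that uses it. The function names, the 32-bit widths and the sample values are assumptions made for this example; the advisory does not give the affected code path.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

// Flawed pattern (hypothetical helper): the 32-bit sum wraps modulo 2^32, so a
// very large declared length makes offset + len look small and the check passes.
bool fits_wrapping(uint32_t offset, uint32_t len, uint32_t buf_size) {
    return offset + len <= buf_size;
}

// Overflow-safe form: never add the untrusted values together; compare the
// declared length against the space that remains after offset.
bool fits_checked(uint32_t offset, uint32_t len, uint32_t buf_size) {
    return offset <= buf_size && len <= buf_size - offset;
}

// Copies len bytes from buf[offset..] into out only when the checked test
// passes and out is large enough; returns false rather than reading past buf.
bool copy_field(const uint8_t* buf, uint32_t buf_size, uint32_t offset,
                uint32_t len, uint8_t* out, uint32_t out_size) {
    if (!fits_checked(offset, len, buf_size) || len > out_size) {
        return false;
    }
    std::memcpy(out, buf + offset, len);
    return true;
}

int main() {
    uint8_t record[32] = {0};                   // constructed record content
    uint8_t out[32] = {0};
    const uint32_t declared_len = 0xFFFFFFF8u;  // constructed oversized length
    const uint32_t size = sizeof record;

    std::printf("wrapping check accepts: %d\n",
                fits_wrapping(16, declared_len, size));
    std::printf("checked test accepts:   %d\n",
                fits_checked(16, declared_len, size));
    std::printf("copy performed:         %d\n",
                copy_field(record, size, 16, declared_len, out, sizeof out));
    return 0;
}
```
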
**Recommendations**
For PowerDNS Authoritative Server versions up to and including 3.4.10, update to a version later than 3.4.10 to resolve the issue.
For PowerDNS Authoritative Server versions up to and including 4.0.1, update to a version later than 4.0.1 to resolve the issue.