Nathaniel Ferguson

**Name of the Vulnerable Software and Affected Versions** PowerDNS Authoritative versions prior to 4.3.0 **Description** A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature when the --enable-experimental-gss-tsig option is used. **Recommendations** For PowerDNS Authoritative versions prior to 4.3.0, consider disabling the --enable-experimental-gss-tsig option as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PowerDNS Authoritative versions prior to 4.3.0 **Description** A denial of service issue was discovered when the --enable-experimental-gss-tsig option is used. This allows a remote, unauthenticated attacker to cause a denial of service by sending crafted queries with a GSS-TSIG signature. **Recommendations** For PowerDNS Authoritative versions prior to 4.3.0, consider disabling the --enable-experimental-gss-tsig option as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PowerDNS Authoritative versions prior to 4.3.0 **Description** A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature when the --enable-experimental-gss-tsig option is used. **Recommendations** For PowerDNS Authoritative versions prior to 4.3.0, consider disabling the --enable-experimental-gss-tsig option as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PowerDNS Authoritative Server versions prior to 4.3.1 **Description** An issue has been found where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. **Recommendations** For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to zone record insertion to minimize the risk of exploitation.