PT-2016-6782 · Suse+1 · Opensuse Leap+2
Rgacogne · Published 2016-09-10 · Updated 2024-06-15 · CVE-2016-6172
CVSS v2.0: 7.1 High
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
PowerDNS (aka pdns) Authoritative Server versions prior to 4.0.1
opensuse (affected versions not specified)
opensuse leap (affected versions not specified)
PowerDNS Authoritative Server (affected versions not specified)
Description
The issue allows a remote primary DNS server to cause a denial of service on a secondary DNS server: a large AXFR or IXFR response exhausts the secondary's memory and crashes it.
Recommendations
For PowerDNS (aka pdns) Authoritative Server versions prior to 4.0.1, update to version 4.0.1 or later to resolve the issue.
For opensuse and opensuse leap, there is currently no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting large AXFR or IXFR responses from remote primary DNS servers to minimize the risk of exploitation.
DoS
Resource Exhaustion
Affected Products
Powerdns Authoritative Server
Opensuse
Opensuse Leap