PT-2018-4901 · Powerdns+1 · Powerdns Authoritative Server+1

Mathieu Lafon

Published

2017-01-13

Updated

2024-06-15

CVE-2016-2120

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions PowerDNS Authoritative Server versions up to and including 4.0.1 PowerDNS Authoritative Server versions up to and including 3.4.10

Description The issue allows an authorized user to crash the server by inserting a specially crafted record in a zone under their control and then sending a DNS query for that record. This is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.

Recommendations For PowerDNS Authoritative Server versions up to and including 3.4.10, update to a version later than 3.4.10 to resolve the issue. For PowerDNS Authoritative Server versions up to and including 4.0.1, update to a version later than 4.0.1 to resolve the issue.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2017-1425

CVE-2016-2120

DLA-798-1

DSA-3764-1

MGASA-2017-0033

OPENSUSE-SU-2024:11156-1

OPENSUSE-SU-2024:11157-1

Affected Products

Alt Linux

Powerdns Authoritative Server

PT-2018-4901 · Powerdns+1 · Powerdns Authoritative Server+1

CVE-2016-2120

Weakness Enumeration

Related Identifiers

Affected Products

References · 62