PT-2018-5761 · Powerdns · Powerdns Recursor

Published

2018-01-23

Updated

2024-06-15

CVE-2017-15094

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: PowerDNS Recursor versions 4.0.0 through 4.0.6

Description: A memory leak issue has been found in the DNSSEC parsing code when parsing specially crafted DNSSEC ECDSA keys. This issue occurs when validation is enabled by setting dnssec to a value other than 'off' or 'process-no-validate' (default).

Recommendations: For PowerDNS Recursor versions 4.0.0 through 4.0.6, consider disabling DNSSEC validation by setting dnssec to 'off' or 'process-no-validate' as a temporary workaround to minimize the risk of exploitation.

Fix

Missing Release of Resource after Effective Lifetime

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772CWE-401

Related Identifiers

CVE-2017-15094

OPENSUSE-SU-2024:11157-1

Affected Products

Powerdns Recursor

PT-2018-5761 · Powerdns · Powerdns Recursor

CVE-2017-15094

Weakness Enumeration

Related Identifiers

Affected Products

References · 29