CVE-2020-10030

Name of the Vulnerable Software and Affected Versions PowerDNS Recursor versions 4.1.0 through 4.3.0

Description The issue allows an attacker with sufficient privileges to change the system's hostname to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. This occurs on systems where gethostname() does not have '0' termination of the returned string if the hostname is larger than the supplied buffer. Linux and OpenBSD systems are not affected due to their handling of buffer sizes and string termination. Under certain conditions, this can lead to a denial of service or possibly arbitrary code execution.

Recommendations For PowerDNS Recursor versions 4.1.0 through 4.3.0, update to a version that includes a fix for this issue to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.