All the vulnerabilites related to powerdns - authoritative
cve-2016-2120
Vulnerability from cvelistv5
Published
2018-11-01 13:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.debian.org/security/2017/dsa-3764 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "up to and including 3.4.10"
},
{
"status": "affected",
"version": "up to and including 4.0.1"
}
]
}
],
"datePublic": "2017-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-02T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "up to and including 3.4.10"
},
{
"version_value": "up to and including 4.0.1"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3764",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2120",
"datePublished": "2018-11-01T13:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7073
Vulnerability from cvelistv5
Published
2018-09-11 13:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073 | x_refsource_CONFIRM | |
| https://www.debian.org/security/2017/dsa-3764 | vendor-advisory, x_refsource_DEBIAN | |
| https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Open-Xchange | pdns |
Version: 3.4.11 Version: 4.0.2 Version: 4.0.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073"
},
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "Open-Xchange",
"versions": [
{
"status": "affected",
"version": "3.4.11"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.4"
}
]
}
],
"datePublic": "2016-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073"
},
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "3.4.11"
},
{
"version_value": "4.0.2"
},
{
"version_value": "4.0.4"
}
]
}
}
]
},
"vendor_name": "Open-Xchange"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073"
},
{
"name": "DSA-3764",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7073",
"datePublished": "2018-09-11T13:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-17482
Vulnerability from cvelistv5
Published
2020-10-02 08:21
Modified
2024-08-04 14:00
Severity ?
EPSS score ?
Summary
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/PowerDNS/pdns | x_refsource_MISC | |
| https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202012-18 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:47.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
},
{
"name": "GLSA-202012-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T21:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PowerDNS/pdns"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
},
{
"name": "GLSA-202012-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202012-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-17482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PowerDNS/pdns",
"refsource": "MISC",
"url": "https://github.com/PowerDNS/pdns"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
},
{
"name": "GLSA-202012-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202012-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17482",
"datePublished": "2020-10-02T08:21:09",
"dateReserved": "2020-08-11T00:00:00",
"dateUpdated": "2024-08-04T14:00:47.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5230
Vulnerability from cvelistv5
Published
2020-01-15 16:32
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3347 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1033475 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | PowerDNS | PowerDNS Authoritative Server |
Version: 3.4.x before 3.4.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033475"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerDNS Authoritative Server",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "3.4.x before 3.4.6"
}
]
}
],
"datePublic": "2015-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T16:32:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1033475"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerDNS Authoritative Server",
"version": {
"version_data": [
{
"version_value": "3.4.x before 3.4.6"
}
]
}
}
]
},
"vendor_name": "PowerDNS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/"
},
{
"name": "http://www.debian.org/security/2015/dsa-3347",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3347"
},
{
"name": "http://www.securitytracker.com/id/1033475",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1033475"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5230",
"datePublished": "2020-01-15T16:32:47",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24697
Vulnerability from cvelistv5
Published
2020-10-02 08:23
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T08:23:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24697",
"datePublished": "2020-10-02T08:23:11",
"dateReserved": "2020-08-27T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24698
Vulnerability from cvelistv5
Published
2020-10-02 08:23
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T08:23:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24698",
"datePublished": "2020-10-02T08:23:44",
"dateReserved": "2020-08-27T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10163
Vulnerability from cvelistv5
Published
2019-07-30 22:16
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html | vendor-advisory, x_refsource_SUSE | |
| https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/ | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163 | x_refsource_CONFIRM | |
| https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2019:1904",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1921",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "fixed in 4.1.9"
},
{
"status": "affected",
"version": "fixed in 4.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2019:1904",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1921",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "fixed in 4.1.9"
},
{
"version_value": "fixed in 4.0.8"
}
]
}
}
]
},
"vendor_name": "PowerDNS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2019:1904",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1921",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
},
{
"name": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
"refsource": "CONFIRM",
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10163",
"datePublished": "2019-07-30T22:16:59",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:10.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10851
Vulnerability from cvelistv5
Published
2018-11-29 18:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html | x_refsource_CONFIRM | |
| https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | The PowerDNS Project | pdns |
Version: 3.3.0 to 4.1.4, excluding 4.1.5 and 4.0.6 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "The PowerDNS Project",
"versions": [
{
"status": "affected",
"version": "3.3.0 to 4.1.4, excluding 4.1.5 and 4.0.6"
}
]
},
{
"product": "pdns-recursor",
"vendor": "The PowerDNS Project",
"versions": [
{
"status": "affected",
"version": "3.2 to 4.1.4, excluding 4.1.5 and 4.0.9"
}
]
}
],
"datePublic": "2018-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-29T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "3.3.0 to 4.1.4, excluding 4.1.5 and 4.0.6"
}
]
}
},
{
"product_name": "pdns-recursor",
"version": {
"version_data": [
{
"version_value": "3.2 to 4.1.4, excluding 4.1.5 and 4.0.9"
}
]
}
}
]
},
"vendor_name": "The PowerDNS Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10851",
"datePublished": "2018-11-29T18:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:46:47.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10162
Vulnerability from cvelistv5
Published
2019-07-30 22:15
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162 | x_refsource_CONFIRM | |
| https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/ | x_refsource_CONFIRM | |
| https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html | vendor-advisory, x_refsource_SUSE |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html"
},
{
"name": "openSUSE-SU-2019:1904",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1921",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "fixed in 4.1.10"
},
{
"status": "affected",
"version": "fixed in 4.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:22",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html"
},
{
"name": "openSUSE-SU-2019:1904",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1921",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "fixed in 4.1.10"
},
{
"version_value": "fixed in 4.0.8"
}
]
}
}
]
},
"vendor_name": "PowerDNS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162"
},
{
"name": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
"refsource": "CONFIRM",
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html"
},
{
"name": "openSUSE-SU-2019:1904",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1921",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10162",
"datePublished": "2019-07-30T22:15:35",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:10.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24696
Vulnerability from cvelistv5
Published
2020-10-02 08:21
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T08:21:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24696",
"datePublished": "2020-10-02T08:21:46",
"dateReserved": "2020-08-27T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7074
Vulnerability from cvelistv5
Published
2018-09-11 13:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074 | x_refsource_CONFIRM | |
| https://www.debian.org/security/2017/dsa-3764 | vendor-advisory, x_refsource_DEBIAN | |
| https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Open-Xchange | pdns |
Version: 3.4.11 Version: 4.0.2 Version: 4.0.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074"
},
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "Open-Xchange",
"versions": [
{
"status": "affected",
"version": "3.4.11"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.4"
}
]
}
],
"datePublic": "2016-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074"
},
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "3.4.11"
},
{
"version_value": "4.0.2"
},
{
"version_value": "4.0.4"
}
]
}
}
]
},
"vendor_name": "Open-Xchange"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074"
},
{
"name": "DSA-3764",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7074",
"datePublished": "2018-09-11T13:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7068
Vulnerability from cvelistv5
Published
2018-09-11 13:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068 | x_refsource_CONFIRM | |
| https://www.debian.org/security/2017/dsa-3764 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.debian.org/security/2017/dsa-3763 | vendor-advisory, x_refsource_DEBIAN | |
| https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Open-Xchange | pdns |
Version: 3.4.11 Version: 4.0.2 Version: 3.7.4 Version: 4.0.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068"
},
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "DSA-3763",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "Open-Xchange",
"versions": [
{
"status": "affected",
"version": "3.4.11"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "3.7.4"
},
{
"status": "affected",
"version": "4.0.4"
}
]
}
],
"datePublic": "2016-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068"
},
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "DSA-3763",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "3.4.11"
},
{
"version_value": "4.0.2"
},
{
"version_value": "3.7.4"
},
{
"version_value": "4.0.4"
}
]
}
}
]
},
"vendor_name": "Open-Xchange"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068"
},
{
"name": "DSA-3764",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "DSA-3763",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3763"
},
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7068",
"datePublished": "2018-09-11T13:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-14626
Vulnerability from cvelistv5
Published
2018-11-29 18:00
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626 | x_refsource_CONFIRM | |
| https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html | x_refsource_CONFIRM | |
| https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | The PowerDNS Project | pdns |
Version: 4.1.0 to 4.1.4 inclusive |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "The PowerDNS Project",
"versions": [
{
"status": "affected",
"version": "4.1.0 to 4.1.4 inclusive"
}
]
},
{
"product": "pdns-recursor",
"vendor": "The PowerDNS Project",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.1.4 inclusive"
}
]
}
],
"datePublic": "2018-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-29T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "4.1.0 to 4.1.4 inclusive"
}
]
}
},
{
"product_name": "pdns-recursor",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.1.4 inclusive"
}
]
}
}
]
},
"vendor_name": "The PowerDNS Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626"
},
{
"name": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-14626",
"datePublished": "2018-11-29T18:00:00",
"dateReserved": "2018-07-27T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5470
Vulnerability from cvelistv5
Published
2015-11-02 19:00
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/07/10/8 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2015/07/07/6 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/"
},
{
"name": "[oss-security] 20150710 Re: Follow up: PowerDNS Security Advisory 2015-01",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/8"
},
{
"name": "[oss-security] 20150707 Follow up: PowerDNS Security Advisory 2015-01",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-02T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/"
},
{
"name": "[oss-security] 20150710 Re: Follow up: PowerDNS Security Advisory 2015-01",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/8"
},
{
"name": "[oss-security] 20150707 Follow up: PowerDNS Security Advisory 2015-01",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/"
},
{
"name": "[oss-security] 20150710 Re: Follow up: PowerDNS Security Advisory 2015-01",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/8"
},
{
"name": "[oss-security] 20150707 Follow up: PowerDNS Security Advisory 2015-01",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5470",
"datePublished": "2015-11-02T19:00:00",
"dateReserved": "2015-07-10T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5426
Vulnerability from cvelistv5
Published
2016-09-21 14:00
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036761 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2016/dsa-3664 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/92917 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/09/09/3 | mailing-list, x_refsource_MLIST | |
| https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
},
{
"name": "1036761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036761"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "92917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92917"
},
{
"name": "[oss-security] 20160909 PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
},
{
"name": "1036761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036761"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "92917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92917"
},
{
"name": "[oss-security] 20160909 PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3",
"refsource": "CONFIRM",
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
},
{
"name": "1036761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036761"
},
{
"name": "DSA-3664",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "92917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92917"
},
{
"name": "[oss-security] 20160909 PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5426",
"datePublished": "2016-09-21T14:00:00",
"dateReserved": "2016-06-10T00:00:00",
"dateUpdated": "2024-08-06T01:00:59.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5311
Vulnerability from cvelistv5
Published
2015-11-17 15:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/11/09/3 | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.securitytracker.com/id/1034098 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html | vendor-advisory, x_refsource_FEDORA | |
| https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151109 PowerDNS Security Announcement 2015-03",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/09/3"
},
{
"name": "FEDORA-2015-a3965fd800",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html"
},
{
"name": "1034098",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034098"
},
{
"name": "FEDORA-2015-1d49176aa1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/"
},
{
"name": "FEDORA-2015-8b8d94ebbb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20151109 PowerDNS Security Announcement 2015-03",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/09/3"
},
{
"name": "FEDORA-2015-a3965fd800",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html"
},
{
"name": "1034098",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034098"
},
{
"name": "FEDORA-2015-1d49176aa1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/"
},
{
"name": "FEDORA-2015-8b8d94ebbb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151109 PowerDNS Security Announcement 2015-03",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/09/3"
},
{
"name": "FEDORA-2015-a3965fd800",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html"
},
{
"name": "1034098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034098"
},
{
"name": "FEDORA-2015-1d49176aa1",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html"
},
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/"
},
{
"name": "FEDORA-2015-8b8d94ebbb",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5311",
"datePublished": "2015-11-17T15:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1868
Vulnerability from cvelistv5
Published
2015-05-18 15:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-7079",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html"
},
{
"name": "FEDORA-2015-7031",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html"
},
{
"name": "FEDORA-2015-7018",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html"
},
{
"name": "74306",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74306"
},
{
"name": "FEDORA-2015-7033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html"
},
{
"name": "FEDORA-2015-7047",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html"
},
{
"name": "DSA-3306",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3306"
},
{
"name": "DSA-3307",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3307"
},
{
"name": "1032220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032220"
},
{
"name": "FEDORA-2015-7057",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-7079",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html"
},
{
"name": "FEDORA-2015-7031",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html"
},
{
"name": "FEDORA-2015-7018",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html"
},
{
"name": "74306",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74306"
},
{
"name": "FEDORA-2015-7033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html"
},
{
"name": "FEDORA-2015-7047",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html"
},
{
"name": "DSA-3306",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3306"
},
{
"name": "DSA-3307",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3307"
},
{
"name": "1032220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032220"
},
{
"name": "FEDORA-2015-7057",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-7079",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html"
},
{
"name": "FEDORA-2015-7031",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html"
},
{
"name": "FEDORA-2015-7018",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html"
},
{
"name": "74306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74306"
},
{
"name": "FEDORA-2015-7033",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html"
},
{
"name": "FEDORA-2015-7047",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html"
},
{
"name": "DSA-3306",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3306"
},
{
"name": "DSA-3307",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3307"
},
{
"name": "1032220",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032220"
},
{
"name": "FEDORA-2015-7057",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1868",
"datePublished": "2015-05-18T15:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7072
Vulnerability from cvelistv5
Published
2018-09-10 17:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072 | x_refsource_CONFIRM | |
| https://www.debian.org/security/2017/dsa-3764 | vendor-advisory, x_refsource_DEBIAN | |
| https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Open-Xchange | pdns |
Version: 3.4.11 Version: 4.0.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072"
},
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "Open-Xchange",
"versions": [
{
"status": "affected",
"version": "3.4.11"
},
{
"status": "affected",
"version": "4.0.2"
}
]
}
],
"datePublic": "2016-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it\u0027s more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072"
},
{
"name": "DSA-3764",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "3.4.11"
},
{
"version_value": "4.0.2"
}
]
}
}
]
},
"vendor_name": "Open-Xchange"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it\u0027s more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072"
},
{
"name": "DSA-3764",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7072",
"datePublished": "2018-09-10T17:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15091
Vulnerability from cvelistv5
Published
2018-01-23 15:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101982 | vdb-entry, x_refsource_BID | |
| https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | PowerDNS | PowerDNS Authoritative |
Version: 4.x up to and including 4.0.4 Version: 3.x up to and including 3.4.11 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:14.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerDNS Authoritative",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "4.x up to and including 4.0.4"
},
{
"status": "affected",
"version": "3.x up to and including 3.4.11"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "101982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15091",
"datePublished": "2018-01-23T15:00:00Z",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:14.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5427
Vulnerability from cvelistv5
Published
2016-09-21 14:00
Modified
2024-08-06 01:01
Severity ?
EPSS score ?
Summary
PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036761 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2016/dsa-3664 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/92917 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/09/09/3 | mailing-list, x_refsource_MLIST | |
| https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:01:00.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
},
{
"name": "1036761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036761"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "92917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92917"
},
{
"name": "[oss-security] 20160909 PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
},
{
"name": "1036761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036761"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "92917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92917"
},
{
"name": "[oss-security] 20160909 PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3",
"refsource": "CONFIRM",
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
},
{
"name": "1036761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036761"
},
{
"name": "DSA-3664",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "92917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92917"
},
{
"name": "[oss-security] 20160909 PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5427",
"datePublished": "2016-09-21T14:00:00",
"dateReserved": "2016-06-10T00:00:00",
"dateUpdated": "2024-08-06T01:01:00.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2016-09-21 14:25
Modified
2024-11-21 02:54
Severity ?
Summary
PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E45C5C3-4B73-4FD1-85E7-7C3A9DA5E10B",
"versionEndIncluding": "3.4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query."
},
{
"lang": "es",
"value": "PowerDNS (tambi\u00e9n conocido como pdns) Authoritative Server en versiones anteriores a 3.4.10 no maneja adecuadamente unas etiquetas del interior . (dot), lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU backend) a trav\u00e9s de una consulta DNS manipulada."
}
],
"id": "CVE-2016-5427",
"lastModified": "2024-11-21T02:54:17.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-21T14:25:15.580",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/92917"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1036761"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-30 23:15
Modified
2024-11-21 04:18
Severity ?
Summary
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | authoritative | * | |
| powerdns | authoritative | 4.0.0 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC9E085-EAB7-4AF1-AE27-890E01A74EBF",
"versionEndExcluding": "4.0.8",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F549C4B-A77D-42E9-9DE1-993976771B22",
"versionEndExcluding": "4.1.10",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:4.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5EDF970C-889D-471D-9A8D-0C94AF231F1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Authoritative Server de PowerDNS anterior a versiones 4.1.10, 4.0.8, permitiendo a un usuario autorizado causar que el servidor salga mediante la inserci\u00f3n de un registro dise\u00f1ado en una zona tipo MASTER bajo su control. El problema es debido al hecho de que Authoritative Server se saldr\u00e1 cuando se encuentre con un error de an\u00e1lisis mientras busca los registros NS/A/AAAA que est\u00e1 por usar para una notificaci\u00f3n saliente."
}
],
"id": "CVE-2019-10162",
"lastModified": "2024-11-21T04:18:33.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-30T23:15:12.183",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-11 13:29
Modified
2024-11-21 02:57
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/ | Vendor Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2017/dsa-3763 | Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3763 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | authoritative | * | |
| powerdns | recursor | * | |
| powerdns | recursor | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45749DBA-3089-4FD6-8999-9A6F0C3B4904",
"versionEndExcluding": "3.4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDAEFF5-B01E-4765-98F8-F00F80806118",
"versionEndExcluding": "4.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A95C8FD-FB1C-4AFF-84E8-B8BFAF678F31",
"versionEndExcluding": "3.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F07E82C1-0CEF-405D-8BE7-6918C64BABB2",
"versionEndExcluding": "4.0.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores a la 3.7.4 y 4.0.4, que permite que un atacante no autenticado remoto provoque una carga de uso de CPU anormal en el servidor de PowerDNS mediante el env\u00edo de consultas DNS manipuladas, lo que podr\u00eda resultar en una denegaci\u00f3n de servicio (DoS) parcial si el sistema se sobrecarga. Este problema se basa en el hecho de que el servidor de PowerDNS analiza todos los registros presentes en una consulta, independientemente de si se necesitan o incluso si son leg\u00edtimos. Una consulta especialmente manipulada que contiene un gran n\u00famero de registros puede emplearse para aprovecharse de este comportamiento."
}
],
"id": "CVE-2016-7068",
"lastModified": "2024-11-21T02:57:23.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-11T13:29:00.713",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3763"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-11 13:29
Modified
2024-11-21 02:57
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/ | Vendor Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | authoritative | * | |
| powerdns | recursor | * | |
| powerdns | recursor | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45749DBA-3089-4FD6-8999-9A6F0C3B4904",
"versionEndExcluding": "3.4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDAEFF5-B01E-4765-98F8-F00F80806118",
"versionEndExcluding": "4.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A95C8FD-FB1C-4AFF-84E8-B8BFAF678F31",
"versionEndExcluding": "3.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F07E82C1-0CEF-405D-8BE7-6918C64BABB2",
"versionEndExcluding": "4.0.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores a la 4.0.4, lo que permite que un atacante en posici\u00f3n Man-in-the-Middle (MitM) altere el contenido de un AXFR debido a una validaci\u00f3n insuficiente de firmas TSIG. La falta de una comprobaci\u00f3n de los valores time y fudge de TSIG se encontr\u00f3 en AXFRRetriever, lo que podr\u00eda conducir a un ataque de reproducci\u00f3n."
}
],
"id": "CVE-2016-7073",
"lastModified": "2024-11-21T02:57:24.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-11T13:29:01.057",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-10 17:29
Modified
2024-11-21 02:57
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/ | Vendor Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | authoritative | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45749DBA-3089-4FD6-8999-9A6F0C3B4904",
"versionEndExcluding": "3.4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDAEFF5-B01E-4765-98F8-F00F80806118",
"versionEndExcluding": "4.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it\u0027s more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en PowerDNS Authoritative Server en versiones anteriores a la 3.4.11 y 4.0.2 que permite que un atacante no autenticado remoto provoque una denegaci\u00f3n de servicio (DoS) abriendo un gran n\u00famero de conexiones TCP al servidor web. Si el servidor web se queda sin descriptores de archivo, desencadena una excepci\u00f3n y termina el proceso PowerDNS completo. Aunque es m\u00e1s complicado para un atacante no autorizado hacer que el servidor web se quede sin descriptores de archivo, ya que su conexi\u00f3n se cerrar\u00e1 justo despu\u00e9s de que sea aceptada, podr\u00eda seguir siendo posible"
}
],
"id": "CVE-2016-7072",
"lastModified": "2024-11-21T02:57:24.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-10T17:29:00.193",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 09:15
Modified
2024-11-21 05:15
Severity ?
Summary
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C066F9B-E844-4EA6-9734-73A70BE621F7",
"versionEndIncluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig.\u0026#xa0;Un atacante no autenticado remoto puede desencadenar una condici\u00f3n de carrera conllevando a un bloqueo, o posiblemente a una ejecuci\u00f3n de c\u00f3digo arbitraria, mediante el env\u00edo de consultas dise\u00f1adas con una firma GSS-TSIG"
}
],
"id": "CVE-2020-24696",
"lastModified": "2024-11-21T05:15:49.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T09:15:13.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-02 19:59
Modified
2024-11-21 02:33
Severity ?
Summary
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | authoritative | 3.4.0 | |
| powerdns | authoritative | 3.4.1 | |
| powerdns | authoritative | 3.4.2 | |
| powerdns | authoritative | 3.4.3 | |
| powerdns | authoritative | 3.4.4 | |
| powerdns | recursor | * | |
| powerdns | recursor | 3.7.1 | |
| powerdns | recursor | 3.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF978920-5AEA-4B22-9ACC-E8CFD9BCC121",
"versionEndIncluding": "3.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04A975C2-F387-4815-BDD7-F712AFFE1CE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91211D89-B43C-4D26-8ADE-90EEAFA44603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3F120B2-C520-406E-A6A7-7E710D434FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA372BE-95F8-48BA-A1AF-D9FEDF01AC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1700CF93-6C36-4395-92C4-708B4CE9861D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD93A3D6-4421-493B-863A-83983289DD0F",
"versionEndIncluding": "3.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79723D52-8A9E-42B5-AF68-4DBF4758783E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "258E1BC4-F4A8-4A2A-9766-F6BB10C982C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868."
},
{
"lang": "es",
"value": "La funcionalidad de descompresi\u00f3n de etiqueta en PowerDNS Recursor en versiones anteriores a 3.6.4 y 3.7.x en versiones anteriores a 3.7.3 y Authoritative (Auth) Server en versiones anteriores a 3.3.3 y 3.4.x en versiones anteriores a 3.4.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU o ca\u00edda) a trav\u00e9s de una petici\u00f3n con un nombre largo que se refiere a s\u00ed mismo. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2015-1868."
}
],
"id": "CVE-2015-5470",
"lastModified": "2024-11-21T02:33:05.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-02T19:59:09.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-21 14:25
Modified
2024-11-21 02:54
Severity ?
Summary
PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E45C5C3-4B73-4FD1-85E7-7C3A9DA5E10B",
"versionEndIncluding": "3.4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname."
},
{
"lang": "es",
"value": "PowerDNS (tambi\u00e9n conocido como pdns) Authoritative Server en versiones anteriores a 3.4.10 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU backend) a trav\u00e9s de un qname largo."
}
],
"id": "CVE-2016-5426",
"lastModified": "2024-11-21T02:54:17.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-21T14:25:14.487",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/92917"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1036761"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-11 13:29
Modified
2024-11-21 02:57
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/ | Vendor Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | authoritative | * | |
| powerdns | recursor | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45749DBA-3089-4FD6-8999-9A6F0C3B4904",
"versionEndExcluding": "3.4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDAEFF5-B01E-4765-98F8-F00F80806118",
"versionEndExcluding": "4.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DBCA6C5-AC57-401A-8B44-A9AAEFB92B60",
"versionEndExcluding": "4.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores a la 4.0.4, lo que permite que un atacante en posici\u00f3n Man-in-the-Middle (MitM) altere el contenido de un AXFR debido a una validaci\u00f3n insuficiente de firmas TSIG. Falta una comprobaci\u00f3n de que el registro TSIG es el \u00faltimo, lo que conduce a la posibilidad de que se analicen registros que no est\u00e1n cubiertos por la firma TSIG."
}
],
"id": "CVE-2016-7074",
"lastModified": "2024-11-21T02:57:24.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-11T13:29:01.167",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-29 18:29
Modified
2024-11-21 03:49
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | recursor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6D884E-61CF-41C3-8020-ABCA01B97EF3",
"versionEndIncluding": "4.1.4",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E865DFB-08E7-4EBE-B8E0-955314EE532D",
"versionEndIncluding": "4.1.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service."
},
{
"lang": "es",
"value": "PowerDNS Authoritative Server desde la versi\u00f3n 4.1.0 hasta la 4.1.4 y PowerDNS Recursor desde la versi\u00f3n 4.0.0 hasta la 4.1.4, son vulnerables a una contaminaci\u00f3n de memora cach\u00e9 de paquetes mediante una consulta manipulada que puede provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2018-14626",
"lastModified": "2024-11-21T03:49:27.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-29T18:29:00.477",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 09:15
Modified
2024-11-21 05:15
Severity ?
Summary
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C066F9B-E844-4EA6-9734-73A70BE621F7",
"versionEndIncluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda causar una doble liberaci\u00f3n, conllevando a un bloqueo o posiblemente una ejecuci\u00f3n de c\u00f3digo arbitraria. Mediante el env\u00edo de consultas dise\u00f1adas con una firma GSS-TSIG"
}
],
"id": "CVE-2020-24698",
"lastModified": "2024-11-21T05:15:49.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T09:15:13.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-23 15:29
Modified
2024-11-21 03:14
Severity ?
Summary
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/101982 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101982 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | authoritative | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3363780D-5618-4CFD-980F-8272A454914C",
"versionEndIncluding": "3.4.11",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9E02BF-B8D0-4E88-BA4A-360E5A6F35B8",
"versionEndIncluding": "4.0.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en el componente API de PowerDNS Authoritative 4.x hasta e incluyendo la versi\u00f3n 4.0.4 y en versiones 3.x hasta la 3.4.11, tambi\u00e9n incluida, donde algunas operaciones que provocan un impacto en el estado del servidor siguen estando permitidas incluso aunque la API se haya configurado como solo lectura por medio de la palabra clave api-readonly. Esta falta de comprobaci\u00f3n permite que un atacante con credenciales API v\u00e1lidas vac\u00ede la cach\u00e9, desencadene una trasferencia de zona o env\u00ede un NOTIFY."
}
],
"id": "CVE-2017-15091",
"lastModified": "2024-11-21T03:14:03.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-23T15:29:00.277",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101982"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-358"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-17 15:59
Modified
2024-11-21 02:32
Severity ?
Summary
PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | 3.4.4 | |
| powerdns | authoritative | 3.4.5 | |
| powerdns | authoritative | 3.4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1700CF93-6C36-4395-92C4-708B4CE9861D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "516840D8-0ED8-42EE-98BD-1A2372966726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B4F415-0047-4812-A196-90A16DE188E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets."
},
{
"lang": "es",
"value": "PowerDNS (tambi\u00e9n conocido como pdns) Authoritative Server 3.4.4 en versiones anteriores a 3.4.7 permite a atacantes remotos causar una denegaci\u00f3n de servicio (error de aserci\u00f3n y ca\u00edda del servidor) a trav\u00e9s de paquetes de consulta manipulados."
}
],
"id": "CVE-2015-5311",
"lastModified": "2024-11-21T02:32:46.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-17T15:59:07.357",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2015/11/09/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1034098"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/11/09/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 09:15
Modified
2024-11-21 05:08
Severity ?
Summary
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html | Vendor Advisory | |
| cve@mitre.org | https://github.com/PowerDNS/pdns | Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202012-18 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/PowerDNS/pdns | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202012-18 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74DB9DF5-6F28-435D-907D-1CD0F1D1591E",
"versionEndExcluding": "4.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
},
{
"lang": "es",
"value": "Se ha encontrado un problema en PowerDNS Authoritative Server versiones anteriores a 4.3.1, donde un usuario autorizado con la capacidad de insertar registros dise\u00f1ados en una zona podr\u00eda filtrar el contenido de la memoria no inicializada"
}
],
"id": "CVE-2020-17482",
"lastModified": "2024-11-21T05:08:12.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T09:15:13.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/PowerDNS/pdns"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202012-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/PowerDNS/pdns"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202012-18"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-30 23:15
Modified
2024-11-21 04:18
Severity ?
Summary
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | authoritative | * | |
| powerdns | authoritative | 4.1.0 | |
| opensuse | backports | sle-15 | |
| opensuse | backports | sle-15 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC9E085-EAB7-4AF1-AE27-890E01A74EBF",
"versionEndExcluding": "4.0.8",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18CCB3A5-1428-47B2-AC55-6D8E45842A67",
"versionEndExcluding": "4.1.9",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C77964E1-10B0-4107-A1DF-5A6A23F48A85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
"matchCriteriaId": "398716BC-E609-4338-BAB9-7CB2A78599BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Authoritative Server de PowerDNS anterior a versiones 4.1.9, 4.0.8, que permite a un servidor maestro autorizado y remoto causar una alta carga de CPU o incluso impedir actualizaciones adicionales a cualquier zona esclava mediante el env\u00edo de una gran cantidad de mensajes de NOTIFICACI\u00d3N. Note que solo los servidores configurados como esclavos est\u00e1n afectados por este problema."
}
],
"id": "CVE-2019-10163",
"lastModified": "2024-11-21T04:18:33.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-30T23:15:12.263",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-18 15:59
Modified
2024-11-21 02:26
Severity ?
Summary
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | 3.2 | |
| powerdns | authoritative | 3.3 | |
| powerdns | authoritative | 3.3.1 | |
| powerdns | authoritative | 3.3.2 | |
| powerdns | authoritative | 3.4.0 | |
| powerdns | authoritative | 3.4.1 | |
| powerdns | authoritative | 3.4.3 | |
| fedoraproject | fedora | 20 | |
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| powerdns | recursor | 3.5 | |
| powerdns | recursor | 3.5.1 | |
| powerdns | recursor | 3.5.2 | |
| powerdns | recursor | 3.5.3 | |
| powerdns | recursor | 3.6.0 | |
| powerdns | recursor | 3.6.1 | |
| powerdns | recursor | 3.6.2 | |
| powerdns | recursor | 3.6.3 | |
| powerdns | recursor | 3.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F5604347-1CAB-4BF7-A173-836B6EB16783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3370E07-8781-40EF-B265-2A3723E41F78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC5141A-8472-4A36-8A6D-124EDFE0941A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF8596A-D92F-4FEB-8B63-D6FDAD608792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04A975C2-F387-4815-BDD7-F712AFFE1CE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91211D89-B43C-4D26-8ADE-90EEAFA44603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA372BE-95F8-48BA-A1AF-D9FEDF01AC18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B8B634-42DC-4552-AAFB-D6849CB459C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1CF2AEB-1D4D-4F80-BBFE-071942C6C9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F59252-BF7E-4C15-A8EE-F96DCDABB2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCDEABD-572D-42BD-8A2B-1E97FFF17B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3DFC6B-B0C3-499C-9AE6-8974A2681974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B325D31-8746-4811-B3AD-3CC1F02D0E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70D0E4BB-34A1-4E94-A58B-25DD7C984815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC3F136-8B89-48DE-81A6-2D3FA9BE6A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79723D52-8A9E-42B5-AF68-4DBF4758783E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself."
},
{
"lang": "es",
"value": "La funcionalidad de la decompresi\u00f3n de etiquetas en PowerDNS Recursor 3.5.x, 3.6.x anterior a 3.6.3, y 3.7.x anterior a 3.7.2 y Authoritative (Auth) Server 3.2.x, 3.3.x anterior a 3.3.2, y 3.4.x anterior a 3.4.4 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU o ca\u00edda) a trav\u00e9s de una solicitud con un nombre que se hace referencia a si mismo."
}
],
"id": "CVE-2015-1868",
"lastModified": "2024-11-21T02:26:18.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-18T15:59:05.823",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3306"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3307"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/74306"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1032220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/74306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1032220"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-01 13:29
Modified
2024-11-21 02:47
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3764 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | authoritative | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FA5005-E976-4048-90E5-284B21F88220",
"versionEndIncluding": "3.4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10A7BF1E-A1EB-4FCA-8578-66EEBFB16443",
"versionEndIncluding": "4.0.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary."
},
{
"lang": "es",
"value": "Se ha encontrado un problema en PowerDNS Authoritative Server en versiones hasta (e incluyendo) las 3.4.10 y 4.0.1 que permite que un usuario provoque el cierre inesperado del servidor insertando un registro especialmente manipulado en una zona bajo su control para despu\u00e9s enviar una consulta DNS hacia ese registro. El problema se debe a un desbordamiento de enteros al comprobar si el contenido del registro coincide con el tama\u00f1o esperado, lo que permite que un atacante lea tras los l\u00edmites del b\u00fafer."
}
],
"id": "CVE-2016-2120",
"lastModified": "2024-11-21T02:47:52.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-01T13:29:00.253",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3764"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 09:15
Modified
2024-11-21 05:15
Severity ?
Summary
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C066F9B-E844-4EA6-9734-73A70BE621F7",
"versionEndIncluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig.\u0026#xa0;Un atacante no autenticado remoto puede causar una denegaci\u00f3n de servicio mediante el env\u00edo de consultas dise\u00f1adas con una firma GSS-TSIG"
}
],
"id": "CVE-2020-24697",
"lastModified": "2024-11-21T05:15:49.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T09:15:13.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 02:32
Severity ?
Summary
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.debian.org/security/2015/dsa-3347 | Third Party Advisory | |
| secalert@redhat.com | http://www.securitytracker.com/id/1033475 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3347 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033475 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35DFF61D-216C-4032-91A5-6BA64FB39166",
"versionEndExcluding": "3.4.6",
"versionStartIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets."
},
{
"lang": "es",
"value": "El paquete de an\u00e1lisis DNS y el c\u00f3digo de generaci\u00f3n de PowerDNS (tambi\u00e9n se conoce como pdns) Authoritative Server versiones anteriores a 3.4.6, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de paquetes de consulta dise\u00f1ados."
}
],
"id": "CVE-2015-5230",
"lastModified": "2024-11-21T02:32:36.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-15T17:15:13.457",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3347"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033475"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-29 18:29
Modified
2024-11-21 03:42
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative | * | |
| powerdns | recursor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2FEED8-6595-4DE8-8A03-8ADD39BADCC9",
"versionEndIncluding": "4.1.4",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E64C51F-8B86-4454-9160-FE549AA481ED",
"versionEndIncluding": "4.1.4",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service."
},
{
"lang": "es",
"value": "PowerDNS Authoritative Server desde la versi\u00f3n 3.3.0 hasta la 4.1.4 excluyendo las versiones 4.1.5 y 4.0.6, y PowerDNS Recursor desde la versi\u00f3n 3.2 hasta la 4.1.4 excluyendo las versiones 4.1.5 y 4.0.9, son vulnerables a una fuga de memoria cuando se analizan registros mal formados que pueden conducir a una denegaci\u00f3n de servicio (DoS) remota."
}
],
"id": "CVE-2018-10851",
"lastModified": "2024-11-21T03:42:08.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-29T18:29:00.303",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201907-1556
Vulnerability from variot
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. PowerDNS Authoritative Server Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. PowerDNSAuthoritativeServer is a DNS server of the Dutch PowerDNS company. A security vulnerability exists in PowerDNSAuthoritativeServer 4.1.8 and earlier. An attacker could exploit the vulnerability by sending a large number of NOTIFY packets to cause a denial of service. PowerDNS Authoritative Server is prone to a denial-of-service vulnerability. PowerDNS Authoritative Server version 4.1.8 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4470-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2019 https://www.debian.org/security/faq
Package : pdns CVE ID : CVE-2019-10162 CVE-2019-10163
Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup.
For the stable distribution (stretch), these problems have been fixed in version 4.0.3-1+deb9u5.
We recommend that you upgrade your pdns packages.
For the detailed security status of pdns please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdns
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0P6LYACgkQEMKTtsN8 Tjbi2RAAqjNYSOlZ5W/yfVxGPO5OiyC8XojhGPuPdVmByyCDTqzgPtZftKHxXfD2 0sdc5/NM7ZNC/3brzRrVlMVRm7/bJvPloeDAGb8bnSzge9Nzz9FB7zcQxc5fdaqA pn7/++FWXDmOVy2NEObcerk/SodAWDpVfmIZP6kH3aIeGs0WrUA/cusmV+C94kgv 6XVJ3IW2dsIQrHvkoBMi4TJg5PrIHW0RruuJHlUSUgTusZ3XQS+hd93dciK7E+an xi0yB5oA6Mb/vw7DzlBRQfkgMiG6p9YRTgXwBdvrxqEVkNYpq9G/xH+nUdE6rDqt M3bG5tUMGCdtywwmwaSGXvkv6/5puPkMRpJIyTeVQTVYMbOgWyovC5sB5T8JytyD tW7qpbv/Mbhw0mmh0m8KoWnegNQhTTn8d3IKCxalB9JYpw3zhkHmfQW79lBRtqCy SvJEhkOVW7yhsWCl+HjKMXphsPST/oeKP3vJx4ET+4n58OfOt9Fm7rx406g2sY2o NsUwTdF3GDD00v0iuF+Vcm2nA6Qj6dOAXlp4kZygjFbDao4iF6lzY4KGDYS/Pn5Z kB4g58ShfWkAE+/WAvF8QVNcICnlI3l9SxwR2NiY/x6O53vkYBWeiJP/OvRQhlPQ Kw4enCb3qrjgb6jMNDPBMe8TjMh92sEqiXPQBy57OcStAjcfxfI= =nUCz -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-1556",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "backports",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "sle-15"
},
{
"model": "authoritative",
"scope": "gte",
"trust": 1.0,
"vendor": "powerdns",
"version": "4.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "authoritative",
"scope": "lt",
"trust": 1.0,
"vendor": "powerdns",
"version": "4.1.9"
},
{
"model": "authoritative",
"scope": "gte",
"trust": 1.0,
"vendor": "powerdns",
"version": "4.1.0"
},
{
"model": "authoritative",
"scope": "lt",
"trust": 1.0,
"vendor": "powerdns",
"version": "4.0.8"
},
{
"model": "authoritative",
"scope": "eq",
"trust": 1.0,
"vendor": "powerdns",
"version": "4.1.0"
},
{
"model": "authoritative server",
"scope": "lt",
"trust": 0.8,
"vendor": "powerdns",
"version": "4.0.8"
},
{
"model": "authoritative server",
"scope": "lt",
"trust": 0.8,
"vendor": "powerdns",
"version": "4.1.9"
},
{
"model": "authoritative server",
"scope": "lte",
"trust": 0.6,
"vendor": "powerdns",
"version": "\u003c=4.1.8"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1.8"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1.7"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1.6"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1.5"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1.4"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1.3"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1.2"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1.1"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.7"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.6"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.5"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.4"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.3"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.2"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.1"
},
{
"model": "authoritative server 4.0.0-rc2",
"scope": null,
"trust": 0.3,
"vendor": "powerdns",
"version": null
},
{
"model": "authoritative server 4.0.0-beta1",
"scope": null,
"trust": 0.3,
"vendor": "powerdns",
"version": null
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.0"
},
{
"model": "authoritative server",
"scope": "ne",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.1.9"
},
{
"model": "authoritative server",
"scope": "ne",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19481"
},
{
"db": "BID",
"id": "108878"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"db": "NVD",
"id": "CVE-2019-10163"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:powerdns:authoritative:4.1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.9",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.8",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10163"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian,Gert van Dijk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10163",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10163",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-19481",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10163",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10163",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-10163",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2019-19481",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-866",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-10163",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19481"
},
{
"db": "VULMON",
"id": "CVE-2019-10163"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"db": "NVD",
"id": "CVE-2019-10163"
},
{
"db": "NVD",
"id": "CVE-2019-10163"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. PowerDNS Authoritative Server Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. PowerDNSAuthoritativeServer is a DNS server of the Dutch PowerDNS company. A security vulnerability exists in PowerDNSAuthoritativeServer 4.1.8 and earlier. An attacker could exploit the vulnerability by sending a large number of NOTIFY packets to cause a denial of service. PowerDNS Authoritative Server is prone to a denial-of-service vulnerability. \nPowerDNS Authoritative Server version 4.1.8 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4470-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 23, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pdns\nCVE ID : CVE-2019-10162 CVE-2019-10163\n\nTwo vulnerabilities have been discovered in pdns, an authoritative DNS\nserver which may result in denial of service via malformed zone records\nand excessive NOTIFY packets in a master/slave setup. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.0.3-1+deb9u5. \n\nWe recommend that you upgrade your pdns packages. \n\nFor the detailed security status of pdns please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pdns\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0P6LYACgkQEMKTtsN8\nTjbi2RAAqjNYSOlZ5W/yfVxGPO5OiyC8XojhGPuPdVmByyCDTqzgPtZftKHxXfD2\n0sdc5/NM7ZNC/3brzRrVlMVRm7/bJvPloeDAGb8bnSzge9Nzz9FB7zcQxc5fdaqA\npn7/++FWXDmOVy2NEObcerk/SodAWDpVfmIZP6kH3aIeGs0WrUA/cusmV+C94kgv\n6XVJ3IW2dsIQrHvkoBMi4TJg5PrIHW0RruuJHlUSUgTusZ3XQS+hd93dciK7E+an\nxi0yB5oA6Mb/vw7DzlBRQfkgMiG6p9YRTgXwBdvrxqEVkNYpq9G/xH+nUdE6rDqt\nM3bG5tUMGCdtywwmwaSGXvkv6/5puPkMRpJIyTeVQTVYMbOgWyovC5sB5T8JytyD\ntW7qpbv/Mbhw0mmh0m8KoWnegNQhTTn8d3IKCxalB9JYpw3zhkHmfQW79lBRtqCy\nSvJEhkOVW7yhsWCl+HjKMXphsPST/oeKP3vJx4ET+4n58OfOt9Fm7rx406g2sY2o\nNsUwTdF3GDD00v0iuF+Vcm2nA6Qj6dOAXlp4kZygjFbDao4iF6lzY4KGDYS/Pn5Z\nkB4g58ShfWkAE+/WAvF8QVNcICnlI3l9SxwR2NiY/x6O53vkYBWeiJP/OvRQhlPQ\nKw4enCb3qrjgb6jMNDPBMe8TjMh92sEqiXPQBy57OcStAjcfxfI=\n=nUCz\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10163"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"db": "CNVD",
"id": "CNVD-2019-19481"
},
{
"db": "BID",
"id": "108878"
},
{
"db": "VULMON",
"id": "CVE-2019-10163"
},
{
"db": "PACKETSTORM",
"id": "153381"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10163",
"trust": 3.5
},
{
"db": "BID",
"id": "108878",
"trust": 1.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2234",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007437",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "153381",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-19481",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2436",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-866",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-10163",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19481"
},
{
"db": "VULMON",
"id": "CVE-2019-10163"
},
{
"db": "BID",
"id": "108878"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"db": "PACKETSTORM",
"id": "153381"
},
{
"db": "NVD",
"id": "CVE-2019-10163"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
]
},
"id": "VAR-201907-1556",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19481"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19481"
}
]
},
"last_update_date": "2023-12-18T12:50:10.879000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PowerDNS Authoritative Server 4.0.8 and 4.1.10 Released",
"trust": 0.8,
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"title": "PowerDNS Security Advisory 2019-05: Denial of service via NOTIFY packets",
"trust": 0.8,
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
},
{
"title": "PowerDNSAuthoritativeServer denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/165551"
},
{
"title": "PowerDNS Authoritative Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94008"
},
{
"title": "Debian Security Advisories: DSA-4470-1 pdns -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ef0d33d49b08fb003c26be24d917554f"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-10163 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19481"
},
{
"db": "VULMON",
"id": "CVE-2019-10163"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
},
{
"problemtype": "CWE-400",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"db": "NVD",
"id": "CVE-2019-10163"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
},
{
"trust": 1.7,
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-10163"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10163"
},
{
"trust": 1.3,
"url": "http://www.debian.org/security/2019/dsa-4470"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2234/"
},
{
"trust": 0.9,
"url": "http://www.powerdns.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10163"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108878"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00002.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2436/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/powerdns-denial-of-service-via-notify-packets-29602"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153381/debian-security-advisory-4470-1.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-10163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/pdns"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10162"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19481"
},
{
"db": "VULMON",
"id": "CVE-2019-10163"
},
{
"db": "BID",
"id": "108878"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"db": "PACKETSTORM",
"id": "153381"
},
{
"db": "NVD",
"id": "CVE-2019-10163"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-19481"
},
{
"db": "VULMON",
"id": "CVE-2019-10163"
},
{
"db": "BID",
"id": "108878"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"db": "PACKETSTORM",
"id": "153381"
},
{
"db": "NVD",
"id": "CVE-2019-10163"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19481"
},
{
"date": "2019-07-30T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10163"
},
{
"date": "2019-06-21T00:00:00",
"db": "BID",
"id": "108878"
},
{
"date": "2019-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"date": "2019-06-23T19:22:22",
"db": "PACKETSTORM",
"id": "153381"
},
{
"date": "2019-07-30T23:15:12.263000",
"db": "NVD",
"id": "CVE-2019-10163"
},
{
"date": "2019-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19481"
},
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10163"
},
{
"date": "2019-06-21T00:00:00",
"db": "BID",
"id": "108878"
},
{
"date": "2019-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007437"
},
{
"date": "2023-02-03T14:27:58.510000",
"db": "NVD",
"id": "CVE-2019-10163"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PowerDNS Authoritative Server Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007437"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-866"
}
],
"trust": 0.6
}
}
var-202010-0408
Vulnerability from variot
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. PowerDNS Authoritative Server Contains an information disclosure vulnerability.Information may be obtained. PowerDNS Authoritative Server is a DNS server of Dutch PowerDNS company.
Background
The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/pdns < 4.3.1 >= 4.3.1
Description
It was discovered that PowerDNS did not properly handle certain unknown records. Crafted records cannot be inserted via AXFR.
Workaround
Do not take zone data from untrusted users.
Resolution
All PowerDNS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/pdns-4.3.1"
References
[ 1 ] CVE-2020-17482 https://nvd.nist.gov/vuln/detail/CVE-2020-17482 [ 2 ] PowerDNS Security Advisory 2020-05
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-18
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0408",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "authoritative",
"scope": "lt",
"trust": 1.0,
"vendor": "powerdns",
"version": "4.3.1"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.8,
"vendor": "powerdns",
"version": null
},
{
"model": "authoritative server",
"scope": "lt",
"trust": 0.8,
"vendor": "powerdns",
"version": "4.3.1 less than"
},
{
"model": "authoritative server",
"scope": "lt",
"trust": 0.6,
"vendor": "powerdns",
"version": "4.3.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"db": "NVD",
"id": "CVE-2020-17482"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-17482"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "160711"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
],
"trust": 0.7
},
"cve": "CVE-2020-17482",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-17482",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-57064",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-17482",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-17482",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-57064",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1634",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"db": "NVD",
"id": "CVE-2020-17482"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. PowerDNS Authoritative Server Contains an information disclosure vulnerability.Information may be obtained. PowerDNS Authoritative Server is a DNS server of Dutch PowerDNS company. \n\nBackground\n==========\n\nThe PowerDNS nameserver is an authoritative-only nameserver which uses\na flexible backend architecture. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/pdns \u003c 4.3.1 \u003e= 4.3.1\n\nDescription\n===========\n\nIt was discovered that PowerDNS did not properly handle certain unknown\nrecords. \nCrafted records cannot be inserted via AXFR. \n\nWorkaround\n==========\n\nDo not take zone data from untrusted users. \n\nResolution\n==========\n\nAll PowerDNS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/pdns-4.3.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-17482\n https://nvd.nist.gov/vuln/detail/CVE-2020-17482\n[ 2 ] PowerDNS Security Advisory 2020-05\n \nhttps://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202012-18\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-17482"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"db": "PACKETSTORM",
"id": "160711"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-17482",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012088",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160711",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-57064",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "50576",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1634",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"db": "PACKETSTORM",
"id": "160711"
},
{
"db": "NVD",
"id": "CVE-2020-17482"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
]
},
"id": "VAR-202010-0408",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57064"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57064"
}
]
},
"last_update_date": "2023-12-18T13:23:08.192000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Leaking\u00a0uninitialised\u00a0memory\u00a0through\u00a0crafted\u00a0zone\u00a0records",
"trust": 0.8,
"url": "https://github.com/powerdns/pdns"
},
{
"title": "Patch for PowerDNS Authoritative Server information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/236497"
},
{
"title": "PowerDNS Authoritative Server Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131086"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"db": "NVD",
"id": "CVE-2020-17482"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17482"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202012-18"
},
{
"trust": 1.6,
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
},
{
"trust": 1.6,
"url": "https://github.com/powerdns/pdns"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/powerdns-information-disclosure-via-zone-records-33428"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50576"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160711/gentoo-linux-security-advisory-202012-18.html"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"db": "PACKETSTORM",
"id": "160711"
},
{
"db": "NVD",
"id": "CVE-2020-17482"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"db": "PACKETSTORM",
"id": "160711"
},
{
"db": "NVD",
"id": "CVE-2020-17482"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"date": "2021-04-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"date": "2020-12-24T17:18:18",
"db": "PACKETSTORM",
"id": "160711"
},
{
"date": "2020-10-02T09:15:13.570000",
"db": "NVD",
"id": "CVE-2020-17482"
},
{
"date": "2020-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"date": "2021-04-23T08:59:00",
"db": "JVNDB",
"id": "JVNDB-2020-012088"
},
{
"date": "2022-01-01T18:15:21.490000",
"db": "NVD",
"id": "CVE-2020-17482"
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "160711"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PowerDNS Authoritative Server information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57064"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1634"
}
],
"trust": 0.6
}
}