Published: 01/11/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an malicious user to cause a read past the buffer boundary.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns authoritative
debian debian linux 8.0

Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2120 Mathieu Lafon discovered that pdns does not properly validate records in zones An authorized user can take advantage of this flaw to crash server by inser ...

An issue has been found in PowerDNS Authoritative Server allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to ...

CWE-190 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120 https://www.debian.org/security/2017/dsa-3764 https://www.debian.org/security/./dsa-3764 https://nvd.nist.gov

CVE-2016-2120

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect