Published: 21/09/2016 Updated: 13/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

PowerDNS (aka pdns) Authoritative Server prior to 3.4.10 allows remote malicious users to cause a denial of service (backend CPU consumption) via a long qname.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns authoritative

Debian Bug report logs - #830808 pdns: CVE-2016-6172: Improper restriction of zone size limit Package: src:pdns; Maintainer for src:pdns is pdns packagers <pdns@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 11 Jul 2016 18:45:06 UTC Severity: important Tags: security, upstream ...

Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-5426 / CVE-2016-5427 Florian Heinz and Martin Kluge reported that the PowerDNS Authoritative Server accepts queries with a qname's length larger than 255 bytes ...

CWE-399 https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/http://www.openwall.com/lists/oss-security/2016/09/09/3 https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3 http://www.securityfocus.com/bid/92917 http://www.debian.org/security/2016/dsa-3664 http://www.securitytracker.com/id/1036761 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830808 https://nvd.nist.gov https://www.debian.org/security/./dsa-3664

CVE-2016-5426

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect