Published: 23/01/2018 Updated: 09/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns recursor

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 400 and up to and including 406, during a code audit by Nixu, leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys These keys are only parsed when validation is enabled by setting 'dnssec' to a value other than 'off' or 'process-no-validate' (defa ...

Open source nameserver used by millions needs patching

The Register • Richard Chirgwin • 28 Nov 2017

PowerDNS admins, feel free to fix these DNSSEC bugs before something nasty happens

Open source DNS software vendor PowerDNS has advised users to patch its "Authoritative" and "Recursor" products, to squish five bugs disclosed today. None of the bugs pose a risk that PowerDNS might itself be compromised, but this is the DNS: what an attacker can do is fool around with DNS records in various ways. That can be catastrophic if done right: for example, if a network is tricked into advertising itself as the whole of the Internet, it can be hosed, or if the wrong network promises it'...

CVE-2017-15094

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect