Published: 27/07/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue has been found in the parsing of authoritative answers in PowerDNS Recursor prior to 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns recursor
debian debian linux 8.0
debian debian linux 9.0

Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server was susceptible to denial of service via a crafted CNAME answer The oldstable distribution (jessie) is not affected For the stable distribution (stretch), this problem has been fixed in version 404-1+deb9u3 We recommend that you upgrade your pdns-re ...

PowerDNS CVE-2017-15120 / DO NOT ABUSE

CVE-2017-15120_PoC PowerDNS CVE-2017-15120 / DO NOT ABUSE

CWE-476 https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120 http://seclists.org/oss-sec/2017/q4/382 https://www.debian.org/security/2017/dsa-4063 http://www.securityfocus.com/bid/106335 https://nvd.nist.gov https://www.debian.org/security/./dsa-4063 https://github.com/shutingrz/CVE-2017-15120_PoC

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-15120

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect