CVE-2016-2120 log

Severity Medium
Remote Yes
Type Denial of service
An issue has been found in PowerDNS Authoritative Server allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
Group Package Affected Fixed Severity Status Ticket
AVG-147 powerdns 4.0.1-7 4.0.2-1 Medium Fixed
Date Advisory Group Package Severity Type
19 Jan 2017 ASA-201701-29 AVG-147 powerdns Medium multiple issues
PowerDNS Authoritative Server up to and including 3.4.10 and 4.0.1 are affected.