CVE-2016-2120 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | An issue has been found in PowerDNS Authoritative Server allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-147 | powerdns | 4.0.1-7 | 4.0.2-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 Jan 2017 | ASA-201701-29 | AVG-147 | powerdns | Medium | multiple issues |
| References |
|---|
http://seclists.org/oss-sec/2017/q1/97 https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/ |
| Notes |
|---|
PowerDNS Authoritative Server up to and including 3.4.10 and 4.0.1 are affected. |