CVE-2016-2120 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
An issue has been found in PowerDNS Authoritative Server allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
Group Package Affected Fixed Severity Status Ticket
AVG-147 powerdns 4.0.1-7 4.0.2-1 Medium Fixed
Date Advisory Group Package Severity Description
19 Jan 2017 ASA-201701-29 AVG-147 powerdns Medium multiple issues
References
http://seclists.org/oss-sec/2017/q1/97
https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
Notes
PowerDNS Authoritative Server up to and including 3.4.10 and 4.0.1 are affected.