CVE-2016-2120 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Denial of service |
Description | An issue has been found in PowerDNS Authoritative Server allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-147 | powerdns | 4.0.1-7 | 4.0.2-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
19 Jan 2017 | ASA-201701-29 | AVG-147 | powerdns | Medium | multiple issues |
References |
---|
http://seclists.org/oss-sec/2017/q1/97 https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/ |
Notes |
---|
PowerDNS Authoritative Server up to and including 3.4.10 and 4.0.1 are affected. |