CVE-2017-15094 log

Severity Medium
Remote Yes
Type Denial of service
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, during a code audit by Nixu, leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting 'dnssec' to a value other than 'off' or 'process-no-validate' (default).
Group Package Affected Fixed Severity Status Ticket
AVG-520 powerdns-recursor 4.0.6-3 4.0.7-1 Medium Fixed
Date Advisory Group Package Severity Type
27 Nov 2017 ASA-201711-31 AVG-520 powerdns-recursor Medium multiple issues