---

CVE-2017-15094 - log back

CVE-2017-15094 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, during a code audit by Nixu, leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting 'dnssec' to a value other than 'off' or 'process-no-validate' (default).
References	+ https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html + https://github.com/PowerDNS/pdns/commit/e87fe3987ab9a3b900544a0fc3bcf41068eef92a
Notes