CVE-2017-15094 - log back

CVE-2017-15094 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, during a code audit by Nixu, leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting 'dnssec' to a value other than 'off' or 'process-no-validate' (default).
References
+ https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
+ https://github.com/PowerDNS/pdns/commit/e87fe3987ab9a3b900544a0fc3bcf41068eef92a
Notes