Unrated severityOSV Advisory· Published Nov 1, 2018· Updated Aug 5, 2024

CVE-2016-2120

Description

An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.

Affected products

PowerDNS/PdnsOSV
Range: auth-3.1-rc1, auth-3.1-rc2, auth-3.1-rc3, …
osv-coords2 versions
pkg:rpm/opensuse/pdns&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/pdns-recursor&distro=openSUSE%20Tumbleweed
< 4.5.1-1.5+ 1 more
- (no CPE)range: < 4.5.1-1.5
- (no CPE)range: < 4.5.5-1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2017/dsa-3764mitrevendor-advisoryx_refsource_DEBIAN
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000