Medium severity6.8NVD Advisory· Published Sep 26, 2016· Updated Jun 17, 2026
CVE-2016-6172
CVE-2016-6172
Description
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- Range: <4.0.1
- osv-coords2 versionspkg:rpm/opensuse/pdns&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/pdns-recursor&distro=openSUSE%20Tumbleweed
< 4.0.1-1.2+ 1 more
- (no CPE)range: < 4.0.1-1.2
- (no CPE)range: < 4.0.3-1.2
Patches
Vulnerability mechanics
References
11- github.com/sischkg/xfer-limit/blob/master/README.mdnvdPatch
- lists.opensuse.org/opensuse-updates/2016-08/msg00085.htmlnvdThird Party Advisory
- lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.htmlnvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2016/07/06/3nvdMailing List
- doc.powerdns.com/md/changelog/nvdRelease Notes
- github.com/PowerDNS/pdns/issues/4128nvdIssue Tracking
- github.com/PowerDNS/pdns/issues/4133nvdIssue Tracking
- github.com/PowerDNS/pdns/pull/4134nvdIssue Tracking
- www.debian.org/security/2016/dsa-3664nvd
- www.securityfocus.com/bid/91678nvd
- www.securitytracker.com/id/1036242nvd
News mentions
0No linked articles in our index yet.