PowerDNS Authoritative Server Vulnerability Allows Authorized User to Crash Server
CVE-2019-10162

3.5LOW

Key Information:

Vendor
Powerdns
Status
Pdns
Vendor
CVE Published:
30 July 2019

Summary

A vulnerability exists in the PowerDNS Authoritative Server versions prior to 4.1.10 and 4.0.8 that allows an authorized user to crash the server. This occurs when the server encounters a parsing error while processing a crafted record in a MASTER type zone controlled by the user. Due to this flaw, the server exits unexpectedly, leading to potential disruptions in service.

Affected Version(s)

pdns fixed in 4.1.10

pdns fixed in 4.0.8

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162
x_refsource_CONFIRM
https://blog.powerdns.com/2019/06/21/powerdns-authoritati...
x_refsource_CONFIRM
https://doc.powerdns.com/authoritative/security-advisorie...
x_refsource_MISC

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.