Memory Leak Vulnerability in PowerDNS Authoritative Server
CVE-2020-17482

4.3MEDIUM

Key Information:

Vendor
Powerdns
Status
Authoritative
Vendor
CVE Published:
2 October 2020

Summary

A vulnerability exists in PowerDNS Authoritative Server prior to version 4.3.1 that may allow an authorized user to exploit the functionality to insert specially crafted records into a zone. This could potentially enable the leakage of uninitialized memory content, posing a security risk to the system. It is essential for organizations using affected versions to evaluate their exposure and apply the necessary updates to safeguard against such vulnerabilities.

References

https://github.com/PowerDNS/pdns
x_refsource_MISC
https://doc.powerdns.com/authoritative/security-advisorie...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/202012-18
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.