FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns -- Leaking uninitialised memory through crafted zone records

Affected packages
4.3.0 <= powerdns < 4.3.1
4.2.0 <= powerdns < 4.2.3
4.1.0 <= powerdns < 4.1.14

Details

VuXML ID b371db92-fe34-11ea-b90e-6805ca2fa271
Discovery 2020-09-22
Entry 2020-09-24

PowerDNS Team reports:

CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR.

References

CVE Name CVE-2020-17482
URL https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html