CVE-2016-7072Improper Input Validation in Authoritative

CWE-20Improper Input ValidationCWE-400Uncontrolled Resource Consumption6 documents6 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.0%
top 91.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Open-xchange PdnsPowerdns AuthoritativeDebian Linux
Timeline
PublishedSep 10
Latest updateMay 13

Description

An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accep

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDpowerdns/authoritative4.0.04.0.2+1
Debianopen-xchange/pdns< 4.0.2-1+3
CVEListV5open-xchange/pdns3.4.11, 4.0.2+1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-64pc-8jh2-hf6v: An issue has been found in PowerDNS Authoritative Server before 32022-05-13
OSV
CVE-2016-7072: An issue has been found in PowerDNS Authoritative Server before 32018-09-10
CVEList
CVE-2016-7072: An issue has been found in PowerDNS Authoritative Server before 32018-09-10

📋Vendor Advisories

1
Debian
CVE-2016-7072: pdns - An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2...2016

💬Community

1
Bugzilla
CVE-2016-7072 pdns: Denial of service via the web server2018-09-10
CVE-2016-7072 — Improper Input Validation | cvebase