CVE-2017-15120: NULL Pointer Dereference in Recursor

Severity: 7.5 HIGH (NVD)
EPSS: 0.3% (top 43.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 27; Latest update May 13

Description

An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: powerdns/recursor < 4.0.8
CVEListV5: powerdns/pdns-recursor 4.0.8

Also affects: Debian Linux 8.0, 9.0

Patches

Vulnerability Details (3)

GHSA: GHSA-rxpc-3cmh-w743: An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4... (2022-05-13)
CVEList: CVE-2017-15120: An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4... (2018-07-27)
OSV: CVE-2017-15120: An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4... (2018-07-27)

Vendor Advisories (1)

Debian: CVE-2017-15120: pdns-recursor - An issue has been found in the parsing of authoritative answers in PowerDNS Recu... (2017)

Community (3)

Bugzilla: CVE-2017-15120 pdns-recursor: Crafted CNAME answer can cause a denial of service [fedora-all] (2017-12-12)
Bugzilla: CVE-2017-15120 pdns-recursor: Crafted CNAME answer can cause a denial of service (2017-12-12)
Bugzilla: CVE-2017-15090 CVE-2017-15092 CVE-2017-15093 CVE-2017-15094 CVE-2017-15120 pdns-recursor: various flaws [epel-all] (2017-12-11)
CVE-2017-15120 — NULL Pointer Dereference in Recursor | cvebase