CVE-2017-15120
Published 2018-07-27
Priority: P3 · 52 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 51.79% (98.8th percentile)
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | pdns-recursor | < pdns-recursor 4.1.0-1 (bookworm) | pdns-recursor 4.1.0-1 (bookworm) |
| powerdns | pdns-recursor | — | — |
| powerdns | pdns-recursor | >= 0 < 4.1.0-1 | 4.1.0-1 |
| powerdns | pdns-recursor | >= 0 < 4.1.0-1 | 4.1.0-1 |
| powerdns | pdns-recursor | >= 0 < 4.1.0-1 | 4.1.0-1 |
| powerdns | pdns-recursor | >= 0 < 4.1.0-1 | 4.1.0-1 |
| powerdns | recursor | < 4.0.8 | 4.0.8 |
Detection & IOCs (extracted from sources)
- Trigger condition: a specially crafted DNS authoritative answer containing a CNAME record with a class other than IN (e.g., CH, HS) causes a NULL pointer dereference in PowerDNS Recursor before 4.0.8, resulting in a crash/DoS.
- The attack is unauthenticated and remotely exploitable; monitor for DNS CNAME responses with non-IN class values (e.g., class field != 0x0001) directed at PowerDNS Recursor instances.
- Crash/process termination of pdns-recursor (NULL pointer dereference) can serve as an indicator of exploitation; monitor for unexpected pdns_recursor process exits.
- Vulnerability affects PowerDNS Recursor versions before 4.0.8 only; versions 4.0.8+ and 4.1.0+ are not affected. Confirm installed version before applying detection logic.
- Debian resolved this in package version 4.1.0-1 across all active releases (bookworm, bullseye, sid, trixie, forky); Fedora/EPEL resolved it in pdns-recursor-4.1.3-2.
- Debian scopes this vulnerability as 'local' in its tracker, which may affect risk prioritization in some environments, though the upstream description states it is remotely exploitable.
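The monitoring condition in the bullets above (a CNAME record whose class field is not 0x0001), as an added example that is not part of the original page or of PowerDNS: a minimal DNS response parser that flags such records in a captured message. The function names and the sample message are constructed for illustration.

```python
import struct

CLASS_IN, TYPE_CNAME = 1, 5

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:                # root label ends the name
            return off + 1
        off += 1 + length

def non_in_cnames(msg):
    """Return (section, class) for each CNAME RR in a response whose class is not IN."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:             # QR bit clear: a query, nothing to inspect
        return []
    hits, off = [], 12
    try:
        for _ in range(qd):
            off = skip_name(msg, off) + 4          # QTYPE + QCLASS
        for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
            for _ in range(count):
                off = skip_name(msg, off)
                rrtype, rrclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
                off += 10 + rdlen
                if off > len(msg):
                    raise ValueError("RDATA runs past end of message")
                # Only CNAME is checked; EDNS OPT reuses the class field for other data.
                if rrtype == TYPE_CNAME and rrclass != CLASS_IN:
                    hits.append((section, rrclass))
    except (IndexError, struct.error):
        raise ValueError("malformed DNS message")
    return hits

def _name(s):
    return b"".join(bytes([len(p)]) + p.encode() for p in s.split(".")) + b"\x00"

def sample_response(rrclass):
    """Constructed sample: one question and one CNAME answer with the given class."""
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)
    question = _name("www.example.test") + struct.pack("!HH", 1, CLASS_IN)
    rdata = _name("host.example.test")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_CNAME, rrclass, 60, len(rdata)) + rdata
    return header + question + rr
```

Feed it the UDP payload of responses arriving at the recursor (for example from a packet capture) and alert on any non-empty result.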
CVSS provenance
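| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |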
Debian
CVE-2017-15120: pdns-recursor - An issue has been found in the parsing of authoritative answers in PowerDNS Recu...
vendor_debian·2017·CVSS 7.5
CVE-2017-15120 [HIGH] CVE-2017-15120: pdns-recursor - An issue has been found in the parsing of authoritative answers in PowerDNS Recu...
Scope: local
bookworm: resolved (fixed in 4.1.0-1)
bullseye: resolved (fixed in 4.1.0-1)
forky: resolved (fixed in 4.1.0-1)
sid: resolved (fixed in 4.1.0-1)
trixie: resolved (fixed in 4.1.0-1)
GHSA
GHSA-rxpc-3cmh-w743: An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4
ghsa_unreviewed·2022-05-13
CVE-2017-15120 [HIGH] CWE-476 GHSA-rxpc-3cmh-w743: An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4
OSV
CVE-2017-15120: An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4
osv·2018-07-27·CVSS 7.5
CVE-2017-15120 [HIGH] CVE-2017-15120: An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-15120 pdns-recursor: Crafted CNAME answer can cause a denial of service [fedora-all]
bugzilla·2017-12-12·CVSS 7.5
CVE-2017-15120 [HIGH] CVE-2017-15120 pdns-recursor: Crafted CNAME answer can cause a denial of service [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple su
Bugzilla
CVE-2017-15120 pdns-recursor: Crafted CNAME answer can cause a denial of service
bugzilla·2017-12-12·CVSS 7.5
CVE-2017-15120 [HIGH] CVE-2017-15120 pdns-recursor: Crafted CNAME answer can cause a denial of service
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.
References:
http://seclists.org/oss-sec/2017/q4/382
Discussion:
Created pdns-recursor tracking bugs for this issue:
Affects: fedora-all [bug 1524931]
---
Created pdns-recursor tracking bugs for this issue:
Affects: epel-all [bug 1524451]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for
Bugzilla
CVE-2017-15090 CVE-2017-15092 CVE-2017-15093 CVE-2017-15094 CVE-2017-15120 pdns-recursor: various flaws [epel-all]
bugzilla·2017-12-11·CVSS 5.9
CVE-2017-15090 [MEDIUM] CVE-2017-15090 CVE-2017-15092 CVE-2017-15093 CVE-2017-15094 CVE-2017-15120 pdns-recursor: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
References
http://seclists.org/oss-sec/2017/q4/382
http://www.securityfocus.com/bid/106335
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html
https://www.debian.org/security/2017/dsa-4063
Published: 2018-07-27