CVE-2019-10162Uncontrolled Resource Consumption in Authoritative

CWE-400Uncontrolled Resource Consumption8 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 99.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Open-xchange PdnsPowerdns AuthoritativePowerdns Pdns+1 more
Timeline
PublishedJul 30
Latest updateMay 24

Description

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDpowerdns/authoritative4.0.04.0.8+2
CVEListV5powerdns/pdnsfixed in 4.0.8, fixed in 4.1.10+1
Debianopen-xchange/pdns< 4.1.6-3+3
NVDopensuse/leap15.0, 15.1+1

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-66xg-v84p-j4x5: A vulnerability has been found in PowerDNS Authoritative Server before versions 42022-05-24
CVEList
CVE-2019-10162: A vulnerability has been found in PowerDNS Authoritative Server before versions 42019-07-30
OSV
CVE-2019-10162: A vulnerability has been found in PowerDNS Authoritative Server before versions 42019-07-30

📋Vendor Advisories

1
Debian
CVE-2019-10162: pdns - A vulnerability has been found in PowerDNS Authoritative Server before versions ...2019

💬Community

3
Bugzilla
CVE-2019-10162 pdns: denial-of-service via crafted zone records [fedora-all]2019-07-10
Bugzilla
CVE-2019-10162 pdns: denial-of-service via crafted zone records2019-07-10
Bugzilla
CVE-2019-10162 pdns: denial-of-service via crafted zone records [epel-all]2019-07-10
CVE-2019-10162 — Uncontrolled Resource Consumption | cvebase