CVE-2019-10163Allocation of Resources Without Limits or Throttling in Authoritative

CWE-770Allocation of Resources Without Limits or Throttling8 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 99.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Open-xchange PdnsPowerdns AuthoritativePowerdns Pdns+2 more
Timeline
PublishedJul 30
Latest updateMay 24

Description

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

NVDpowerdns/authoritative4.0.04.0.8+2
CVEListV5powerdns/pdnsfixed in 4.0.8, fixed in 4.1.9+1
Debianopen-xchange/pdns< 4.1.6-3+3
NVDopensuse/leap15.0, 15.1+1
NVDopensuse/backportssle-15

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-25qr-4mfj-987c: A Vulnerability has been found in PowerDNS Authoritative Server before versions 42022-05-24
OSV
CVE-2019-10163: A Vulnerability has been found in PowerDNS Authoritative Server before versions 42019-07-30
CVEList
CVE-2019-10163: A Vulnerability has been found in PowerDNS Authoritative Server before versions 42019-07-30

📋Vendor Advisories

1
Debian
CVE-2019-10163: pdns - A Vulnerability has been found in PowerDNS Authoritative Server before versions ...2019

💬Community

3
Bugzilla
CVE-2019-10163 pdns: denial-of-service via NOTIFY packets [epel-all]2019-07-10
Bugzilla
CVE-2019-10163 pdns: denial-of-service via NOTIFY packets [fedora-all]2019-07-10
Bugzilla
CVE-2019-10163 pdns: denial-of-service via NOTIFY packets2019-07-10
CVE-2019-10163 — Powerdns Authoritative vulnerability | cvebase