CVE-2020-10030Out-of-bounds Read in Recursor

CWE-125Out-of-bounds Read8 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.0%
top 91.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Powerdns Recursor
Timeline
PublishedMay 19
Latest updateMay 24

Description

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not af

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDpowerdns/recursor4.1.04.3.0

🔴Vulnerability Details

3
GHSA
GHSA-v7fw-2gqv-66rx: An issue has been found in PowerDNS Recursor 42022-05-24
CVEList
CVE-2020-10030: An issue has been found in PowerDNS Recursor 42020-05-19
OSV
CVE-2020-10030: An issue has been found in PowerDNS Recursor 42020-05-19

📋Vendor Advisories

1
Debian
CVE-2020-10030: pdns-recursor - An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It...2020

💬Community

3
Bugzilla
CVE-2020-10030 pdns-recursor: stack-based out-of-bounds read via a larger hostname [epel-all]2020-05-26
Bugzilla
CVE-2020-10030 pdns-recursor: stack-based out-of-bounds read via a larger hostname2020-05-26
Bugzilla
CVE-2020-10030 pdns-recursor: stack-based out-of-bounds read via a larger hostname [fedora-all]2020-05-26
CVE-2020-10030 — Out-of-bounds Read in Recursor | cvebase