CVE-2020-17482
published 2020-10-02CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pdns | < pdns 4.3.1-1 (bookworm) | pdns 4.3.1-1 (bookworm) |
| open-xchange | pdns | >= 0 < 4.3.1-1 | 4.3.1-1 |
| open-xchange | pdns | >= 0 < 4.3.1-1 | 4.3.1-1 |
| open-xchange | pdns | >= 0 < 4.3.1-1 | 4.3.1-1 |
| open-xchange | pdns | >= 0 < 4.3.1-1 | 4.3.1-1 |
| open-xchange | pdns | >= 0 < 4.0.0~alpha2-3ubuntu0.1~esm1 | 4.0.0~alpha2-3ubuntu0.1~esm1 |
| open-xchange | pdns | >= 0 < 4.1.1-1ubuntu0.1~esm1 | 4.1.1-1ubuntu0.1~esm1 |
| open-xchange | pdns | >= 0 < 4.2.1-1ubuntu0.1~esm1 | 4.2.1-1ubuntu0.1~esm1 |
| open-xchange | pdns | >= 0 < 4.5.3-1ubuntu0.1~esm1 | 4.5.3-1ubuntu0.1~esm1 |
| powerdns | authoritative | < 4.3.1 | 4.3.1 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
osv7.8HIGH