CVE-2020-17482Use of Uninitialized Resource in Authoritative

CWE-908Use of Uninitialized ResourceCWE-200Sensitive Information Exposure9 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 84.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Open-xchange PdnsPowerdns Authoritative
Timeline
PublishedOct 2
Latest updateJan 14

Description

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

Debianopen-xchange/pdns< 4.3.1-1+3

🔴Vulnerability Details

3
GHSA
GHSA-rwvv-h93r-mw45: An issue has been found in PowerDNS Authoritative Server before 42022-05-24
CVEList
CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 42020-10-02
OSV
CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 42020-10-02

📋Vendor Advisories

2
Ubuntu
PowerDNS vulnerabilities2025-01-14
Debian
CVE-2020-17482: pdns - An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an a...2020

💬Community

3
Bugzilla
CVE-2020-17482 pdns: leaking uninitialised memory through crafted zone records [epel-all]2020-09-22
Bugzilla
CVE-2020-17482 pdns: leaking uninitialised memory through crafted zone records2020-09-22
Bugzilla
CVE-2020-17482 pdns: leaking uninitialised memory through crafted zone records [fedora-all]2020-09-22
CVE-2020-17482 — Use of Uninitialized Resource | cvebase