6.4
CVE-2008-3337
- EPSS 6.12%
- Veröffentlicht 08.08.2008 19:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:38
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Powerdns ≫ Authoritative Server Version <= 2.9.21
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.12% | 0.925 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/31687
http://doc.powerdns.com/changelog.html
http://doc.powerdns.com/powerdns-advisory-2008-02.html
http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html
http://secunia.com/advisories/31401
http://secunia.com/advisories/31407
http://secunia.com/advisories/31448
http://secunia.com/advisories/33264
http://security.gentoo.org/glsa/glsa-200812-19.xml
http://www.securityfocus.com/bid/30587
http://www.vupen.com/english/advisories/2008/2320
https://exchange.xforce.ibmcloud.com/vulnerabilities/44253
https://www.debian.org/security/2008/dsa-1628
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html