5.9

CVE-2017-15094

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PowerdnsRecursor Version >= 4.0.0 <= 4.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.3% 0.87
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://www.securityfocus.com/bid/101982
Third Party Advisory
VDB Entry
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
Patch
Vendor Advisory
Mitigation