CVE-2019-10162

EPSS 0.01%
Published 30.07.2019 23:15:12
Last modified 21.11.2024 04:18:33
Source secalert@redhat.com
Teams watchlist Login
Open Login

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

Affected products Warnungen 0 Metrics 4 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Powerdns ≫ Authoritative Version >= 4.0.0 < 4.0.8

Powerdns ≫ Authoritative Version >= 4.1.0 < 4.1.10

Powerdns ≫ Authoritative Version4.0.0 Update-

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
secalert@redhat.com	3.5	2.1	1.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html

Third Party Advisory

Mailing List

https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/

Vendor Advisory

Release Notes

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162

Patch

Third Party Advisory