Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-7068

Опубликовано: 11 сент. 2018
Источник: nvd
CVSS3: 5.3
CVSS3: 7.5
CVSS2: 7.8
EPSS Низкий

Описание

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*
Версия до 3.4.11 (исключая)
cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*
Версия от 4.0.0 (включая) до 4.0.2 (исключая)
cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
Версия до 3.7.4 (исключая)
cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
Версия от 4.0.0 (включая) до 4.0.4 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%
0.00085
Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20
CWE-400

Связанные уязвимости

ubuntu логотип

CVE-2016-7068

CVSS3: 5.3
ubuntu
больше 7 лет назад

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.

debian логотип

CVE-2016-7068

CVSS3: 5.3
debian
больше 7 лет назад

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and Power ...

suse-cvrf логотип

openSUSE-SU-2017:0221-1

suse-cvrf
около 9 лет назад

Security update for pdns-recursor

github логотип

GHSA-g832-5583-wc79

CVSS3: 7.5
github
больше 3 лет назад

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.

suse-cvrf логотип

openSUSE-SU-2017:0183-1

suse-cvrf
около 9 лет назад

Security update for pdns

EPSS

Процентиль: 25%
0.00085
Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20
CWE-400