Vulnerability & Exploit Database

Back to search

Alpine Linux: CVE-2017-15094: pdns-recursor Multiple vulnerabilities

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) December 06, 2017 December 17, 2017 January 16, 2018

Description

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor during a code audit by Nixu, leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default). This issue has been assigned CVE-2017-15094.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

alpine-linux-upgrade-pdns-recursor