FreeBSD: VID-B371DB92-FE34-11EA-B90E-6805CA2FA271 (CVE-2020-17482): powerdns -- Leaking uninitialised memory through crafted zone records
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Sep 22, 2020 | Sep 29, 2020 | Oct 20, 2020 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-B371DB92-FE34-11EA-B90E-6805CA2FA271:
PowerDNS Team reports:
CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR.
Solution
References
