CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10851
https://notcve.org/view.php?id=CVE-2018-10851
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. PowerDNS Authoritative Server desde la versión 3.3.0 hasta la 4.1.4 excluyendo las versiones 4.1.5 y 4.0.6, y PowerDNS Recursor desde la versión 3.2 hasta la 4.1.4 excluyendo las versiones 4.1.5 y 4.0.9, son vulnerables a una fuga de memoria cuando se analizan registros mal formados que pueden conducir a una denegación de servicio (DoS) remota. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14626
https://notcve.org/view.php?id=CVE-2018-14626
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. PowerDNS Authoritative Server desde la versión 4.1.0 hasta la 4.1.4 y PowerDNS Recursor desde la versión 4.0.0 hasta la 4.1.4, son vulnerables a una contaminación de memora caché de paquetes mediante una consulta manipulada que puede provocar una denegación de servicio (DoS). • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14644
https://notcve.org/view.php?id=CVE-2018-14644
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. Se ha encontrado un problema en PowerDNS Recursor desde la versión 4.0.0 hasta la versión 4.1.4 inclusive. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15120
https://notcve.org/view.php?id=CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service. Se ha encontrado un problema en el análisis de respuestas autorizadas en PowerDNS Recursor en versiones anteriores a la 4.0.8, lo que conduce a una desreferencia de puntero NULL al analizar una respuesta especialmente manipulada que contiene un CNAME de una clase diferente a IN. Un atacante remoto no autenticado podría provocar una denegación de servicio (DoS). • http://seclists.org/oss-sec/2017/q4/382 http://www.securityfocus.com/bid/106335 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120 https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html https://www.debian.org/security/2017/dsa-4063 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15094
https://notcve.org/view.php?id=CVE-2017-15094
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default). Se ha encontrado un problema en el código de análisis DNSSEC de PowerDNS Recursor, desde la versión 4.0.0 hasta la 4.0.6, también incluida, lo que conduce a una fuga de memoria al analizar claves DNSSEC ECDSA especialmente manipuladas. Estas claves solo se analizan cuando la validación está habilitada mediante la configuración de dnssec a un valor distinto de off o process-no-validate (por defecto). • http://www.securityfocus.com/bid/101982 https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •