CVE-2019-10162

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

Se ha detectado una vulnerabilidad en Authoritative Server de PowerDNS anterior a versiones 4.1.10, 4.0.8, permitiendo a un usuario autorizado causar que el servidor salga mediante la inserción de un registro diseñado en una zona tipo MASTER bajo su control. El problema es debido al hecho de que Authoritative Server se saldrá cuando se encuentre con un error de análisis mientras busca los registros NS/A/AAAA que está por usar para una notificación saliente.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-03-27 CVE Reserved
2019-06-23 CVE Published
2024-07-23 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162	2020-10-02

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html	2020-10-02
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html	2020-10-02
https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released	2020-10-02
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html	2020-10-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Powerdns Search vendor "Powerdns"		Authoritative Search vendor "Powerdns" for product "Authoritative"				>= 4.0.0 < 4.0.8 Search vendor "Powerdns" for product "Authoritative" and version " >= 4.0.0 < 4.0.8"		-		Affected
Powerdns Search vendor "Powerdns"		Authoritative Search vendor "Powerdns" for product "Authoritative"				>= 4.1.0 < 4.1.10 Search vendor "Powerdns" for product "Authoritative" and version " >= 4.1.0 < 4.1.10"		-		Affected
Powerdns Search vendor "Powerdns"		Authoritative Search vendor "Powerdns" for product "Authoritative"				4.0.0 Search vendor "Powerdns" for product "Authoritative" and version "4.0.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.0 Search vendor "Opensuse" for product "Leap" and version "15.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected