CVE-2020-10030

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.

Se ha detectado un problema en PowerDNS Recursor versiones 4.1.0 hasta 4.3.0 en incluyéndola. Permite un atacante (con suficientes privilegios para cambiar el nombre de host del sistema) causar una divulgación del contenido de la memoria no inicializada por medio de una lectura fuera de límites en la región stack de la memoria. Solo se presenta en sistemas donde la función gethostname() no contiene la terminación "\0" de la cadena devuelta si el nombre de host es mayor que el búfer suministrado. (Los sistemas Linux no están afectados porque el búfer siempre es lo suficientemente grande. Los sistemas OpenBSD no están afectados porque el nombre de host devuelto siempre presenta una terminación "\0".) Bajo algunas condiciones, este problema puede conllevar a una escritura de un byte '\ 0' fuera de los límites en la pila, causando una denegación de servicio o posiblemente una ejecución de código arbitraria.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-04 CVE Reserved
2020-05-19 CVE Published
2024-03-23 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html	2023-11-07
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Powerdns Search vendor "Powerdns"		Recursor Search vendor "Powerdns" for product "Recursor"				>= 4.1.0 <= 4.3.0 Search vendor "Powerdns" for product "Recursor" and version " >= 4.1.0 <= 4.3.0"		-		Affected