CVE-2016-6172 Information

Feb 14, 2021 cve

Description

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Reference

http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html http://www.debian.org/security/2016/dsa-3664 http://www.openwall.com/lists/oss-security/2016/07/06/3 http://www.securityfocus.com/bid/91678 http://www.securitytracker.com/id/1036242 https://doc.powerdns.com/md/changelog/powerdns-authoritative-server-401 https://github.com/PowerDNS/pdns/issues/4128 https://github.com/PowerDNS/pdns/issues/4133 https://github.com/PowerDNS/pdns/pull/4134 https://github.com/sischkg/xfer-limit/blob/master/README.md https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.8

Share on: