FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns -- Leaking uninitialised memory through crafted zone records

Affected packages
4.3.0 <= powerdns < 4.3.1
4.2.0 <= powerdns < 4.2.3
4.1.0 <= powerdns < 4.1.14


VuXML ID b371db92-fe34-11ea-b90e-6805ca2fa271
Discovery 2020-09-22
Entry 2020-09-24

PowerDNS Team reports

CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR.


CVE Name CVE-2020-17482