CVE-2020-10030

2020-05-1916:15:10

Google

osv.dev

7.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system’s hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have ‘\0’ termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has ‘\0’ termination.) Under some conditions, this issue can lead to the writing of one ‘\0’ byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.

CPENameOperatorVersion
pdnseqdnsdist-1.3.2
pdnseqauth-4.2.0-rc2
pdnseqrec-4.2.0-beta1
pdnseqdnsdist-1.3.3
pdnseqrec-4.2.0-alpha1
pdnseqrec-4.2.0-rc1
pdnseqrec-4.1.0
pdnseqrec-4.3.0-alpha2
pdnseqdnsdist-1.4.0-rc4
pdnseqrec-4.3.0-alpha1

Name	Operator	Version
pdns	eq	dnsdist-1.3.2
pdns	eq	auth-4.2.0-rc2
pdns	eq	rec-4.2.0-beta1
pdns	eq	dnsdist-1.3.3
pdns	eq	rec-4.2.0-alpha1
pdns	eq	rec-4.2.0-rc1
pdns	eq	rec-4.1.0
pdns	eq	rec-4.3.0-alpha2
pdns	eq	dnsdist-1.4.0-rc4
pdns	eq	rec-4.3.0-alpha1