Lucene search

PRIOn knowledge basePRION:CVE-2017-15094

HistoryJan 23, 2018 - 3:29 p.m.

Design/Logic Flaw

2018-01-2315:29:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.2%

JSON

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).

CPENameOperatorVersion
recursorge4.0.0
recursorle4.0.6

CPE	Name	Operator	Version
	recursor	ge	4.0.0
	recursor	le	4.0.6

References

www.securityfocus.com/bid/101982

doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html