pdns-recursor is vulnerable to arbitrary code execution. The vulnerability exists as an attacker (with enough privileges to change the system’s hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname()
does not have \0
termination of the returned string if the hostname is larger than the supplied buffer.
CPE | Name | Operator | Version |
---|---|---|---|
pdns-recursor:3.10 | eq | 4.1.13-r0 | |
pdns-recursor | eq | 4.1.9-r1 | |
pdns-recursor:3.10 | eq | 4.1.13-r0 | |
pdns-recursor | eq | 4.1.9-r1 |
lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html
doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html
lists.fedoraproject.org/archives/list/[email protected]/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/
lists.fedoraproject.org/archives/list/[email protected]/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/