CVE-2020-10030

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-10030

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10030.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-10030

Related

Published

2020-05-19T16:15:10Z

Modified

2024-09-03T03:05:42.897724Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.

References

Affected packages

Debian:11 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/powerdns/pdns

Affected ranges

Type: GIT
Repo: https://github.com/powerdns/pdns
Events: Introduced

80da1b4773cbdad76755b01c70739059d6f607af

Last affected

f8e019026f5a1eff4b56a90a39c4acac95ae9dc4

Affected versions

auth-4.*

auth-4.2.0-alpha1

auth-4.2.0-beta1

auth-4.2.0-rc1

auth-4.2.0-rc2

auth-4.3.0-alpha1

dnsdist-1.*

dnsdist-1.3.0

dnsdist-1.3.1

dnsdist-1.3.2

dnsdist-1.3.3

dnsdist-1.4.0

dnsdist-1.4.0-alpha1

dnsdist-1.4.0-alpha2

dnsdist-1.4.0-beta1

dnsdist-1.4.0-rc1

dnsdist-1.4.0-rc2

dnsdist-1.4.0-rc3

dnsdist-1.4.0-rc4

dnsdist-1.4.0-rc5

rec-4.*

rec-4.1.0

rec-4.2.0-alpha1

rec-4.2.0-beta1

rec-4.2.0-rc1

rec-4.3.0

rec-4.3.0-alpha1

rec-4.3.0-alpha2

rec-4.3.0-alpha3

rec-4.3.0-beta1

rec-4.3.0-beta2

rec-4.3.0-rc1

rec-4.3.0-rc2