CVE-2016-2120

HIGH

Powerdns Authoritative < 3.4.10 - Integer Overflow

Title source: rule

Description

An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.

References (2)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120

[Third Party Advisory] https://www.debian.org/security/2017/dsa-3764

Scores

CVSS v3 7.5

EPSS 0.0013

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-190

Status published

Affected Products (2)

powerdns/authoritative < 3.4.10

debian/debian_linux

Timeline

Published Nov 01, 2018

Tracked Since Feb 18, 2026