FreeBSD1C21F6A3-9415-11E9-95EC-6805CA2FA271powerdns -- multiple vulnerabilities
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
70.2%
PowerDNS Team reports:
CVE-2019-10162: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to
cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The
issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while
looking up the NS/A/AAAA records it is about to use for an outgoing notify.
CVE-2019-10163: An issue has been found in PowerDNS Authoritative Server allowing a remote, authorized
master server to cause a high CPU load or even prevent any further updates to any slave zone by sending
a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
70.2%