Main Vulnerability Database Vulnerabilities #VU412

Denial of service in PowerDNS - CVE-2016-5427

Published: September 13, 2016

Vulnerability identifier: #VU412

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-5427

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: PowerDNS.COM B.V.

Affected software:
PowerDNS

Detailed vulnerability description

The vulnerability allows a remote user to cause excessive resources spending on the target system.
The weakness exists due to sending of specially crafted DNS queries with label values containing a dot character ('.') that may lead to denial of service.
The vulnerability may result in consuming of excessive resources and denial of service on the vulnerable system.

How to mitigate CVE-2016-5427

Update to 3.4.10.

Sources

https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/

Denial of service in PowerDNS - CVE-2016-5427

Detailed vulnerability description

How to mitigate CVE-2016-5427

Sources

Please verify you're human