Denial of service in PowerDNS - CVE-2016-5426

 


Published: September 13, 2016


Vulnerability identifier: #VU413
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-5426
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: PowerDNS.COM B.V.
Affected software:
PowerDNS

Detailed vulnerability description

The vulnerability allows a remote user to cause excessive resource consumption on the target system.
The weakness is triggered by specially crafted DNS queries with a qname longer than 255 bytes, which may lead to denial of service.
The vulnerability may result in excessive resource consumption and denial of service on the vulnerable system.
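
A defender-side check for the condition described above, as an added example that is not PowerDNS code: it walks the qname of the first question in a raw DNS message and rejects names whose wire encoding exceeds the 255-byte limit set by RFC 1035. The function names, the `QnameError` type and the sample query builder are assumptions made for illustration.

```python
import struct

MAX_NAME_WIRE_LEN = 255  # RFC 1035 limit on an encoded domain name, in bytes
HEADER_LEN = 12          # fixed size of the DNS message header


class QnameError(ValueError):
    """Raised when the question name breaks RFC 1035 size or framing rules."""


def qname_wire_length(packet: bytes) -> int:
    """Return the encoded length of the first question's qname, or raise QnameError."""
    if len(packet) < HEADER_LEN:
        raise QnameError("packet shorter than DNS header")
    qdcount = struct.unpack_from("!H", packet, 4)[0]
    if qdcount < 1:
        raise QnameError("no question section")
    pos, total = HEADER_LEN, 0
    while True:
        if pos >= len(packet):
            raise QnameError("qname runs past end of packet")
        length = packet[pos]
        if length & 0xC0:
            # Top bits set: label over 63 bytes, compression pointer or reserved
            # type. This example treats all of them as invalid in the first qname.
            raise QnameError("invalid label length byte in qname")
        total += 1 + length  # length byte plus label bytes (or the root byte)
        if total > MAX_NAME_WIRE_LEN:
            raise QnameError("qname longer than 255 bytes")
        if length == 0:
            return total
        pos += 1 + length


def build_query(labels):
    """Constructed sample input: minimal query (QTYPE A, QCLASS IN) for the labels."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + name + struct.pack("!HH", 1, 1)
```
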


How to mitigate CVE-2016-5426

Update to 3.4.10.

Sources