CVE-2019-10203

Advisory lineage Upstream: 0 Downstream: 6

Downstream

DEBIAN-CVE-2019-10203 MGASA-2020-0375 OPENSUSE-SU-2019:1904-1 OPENSUSE-SU-2019:1921-1 OPENSUSE-SU-2024:11156-1 UBUNTU-CVE-2019-10203

Modified

Published: 22 Nov 2019, 12:01

Last modified:04 Aug 2024, 22:17

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

v3.0 (cve.org)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

22 Nov 2019, 12:01

Published

Vulnerability first disclosed

04 Aug 2024, 22:17

Last Modified

Vulnerability information updated

Description

PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.

CVSS Metrics

v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
v3.0•MEDIUM•Score: 4.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.02%• Percentile: 6%

Techniques & Countermeasures

CWE-681•Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Affected Systems

powerdns•authoritative_server
≥ 4.0.0, < 4.0.9 | ≥ 4.1.0, < 4.1.11
red hat•pdns
pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11