DEBIAN-CVE-2016-2120
Advisory lineage Upstream: 1 Downstream: 2
Upstream
Downstream
Published: 01 Nov 2018, 13:29
Last modified:28 Apr 2026, 20:15
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
3.0 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
01 Nov 2018, 13:29
Published
Vulnerability first disclosed
28 Apr 2026, 20:15
Last Modified
Vulnerability information updated
Description
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
CVSS Metrics
- v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- debian•pdns
< 4.0.2-1 | < 4.0.2-1 | < 4.0.2-1 | < 4.0.2-1