← Back

CVE-2019-10163

nvd nist
Published: Jul 30, 2019Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.

Affected (7)

Powerdns
1 product
Authoritative
Opensuse
2 products
Backports
Leap
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Powerdns
Authoritative
From 4.0.0 to 4.0.8
Authoritative
From 4.1.0 to 4.1.9
Authoritative
Version 4.1.0
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Backports
Version sle-15
Backports
Version sle-15 sp1
Opensuse
Leap
Version 15.0
Leap
Version 15.1

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (10)

Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.