Vulnerability Name:

CVE-2020-17482 (CCN-188679)

Assigned: 2020-09-22
Published: 2020-09-22
Updated: 2022-01-01
Summary: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
CVSS v3 Severity: 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-908
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2020-17482

Source: CONFIRM
Type: Vendor Advisory
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html

Source: CCN
Type: PowerDNS Security Advisory 2020-05
Leaking uninitialised memory through crafted zone records

Source: XF
Type: UNKNOWN
powerdns-cve202017482-info-disc(188679)

Source: MISC
Type: Third Party Advisory
https://github.com/PowerDNS/pdns

Source: GENTOO
Type: Third Party Advisory
GLSA-202012-18

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:powerdns:authoritative:*:*:*:*:*:*:*:* (Version < 4.3.1)

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:202017482 | V | CVE-2020-17482 | 2022-06-30
    oval:org.opensuse.security:def:113102 | P | pdns-4.5.1-1.5 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:60433 | P | Security update for MozillaFirefox (Important) | 2021-12-12
    oval:org.opensuse.security:def:59833 | P | Security update for the Linux Kernel (Important) | 2021-12-08
    oval:org.opensuse.security:def:64632 | P | Security update for python-Babel (Important) | 2021-12-06
    oval:org.opensuse.security:def:64633 | P | Security update for gmp (Moderate) | 2021-12-06
    oval:org.opensuse.security:def:106537 | P | pdns-4.5.1-1.5 on GA media (Moderate) | 2021-10-01
    oval:org.opensuse.security:def:61673 | P | vim-8.0.1568-3.20 on GA media (Moderate) | 2021-09-21
    oval:org.opensuse.security:def:61649 | P | rsyslog-8.33.1-3.9.1 on GA media (Moderate) | 2021-09-21
    oval:org.opensuse.security:def:63200 | P | davfs2-1.5.4-1.4 on GA media (Moderate) | 2021-09-21
    oval:org.opensuse.security:def:61650 | P | rzsz-0.12.21~rc-1.8 on GA media (Moderate) | 2021-09-21
    oval:org.opensuse.security:def:59537 | P | Security update for openssl-1_1 (Low) | 2021-09-09
    oval:org.opensuse.security:def:64740 | P | Security update for rpm (Important) | 2021-08-12
    oval:org.opensuse.security:def:63098 | P | openldap2-2.4.46-9.51.1 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:63383 | P | virt-install-3.2.0-5.1 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:63092 | P | java-1_8_0-openjdk-1.8.0.282-3.48.1 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:63332 | P | gtk-vnc-devel-1.0.0-2.35 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:63354 | P | libvirt-7.1.0-4.1 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:63467 | P | evolution-3.34.4-1.49 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:63089 | P | cyrus-sasl-bdb-2.1.27-2.2 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:63433 | P | liblcms2-2-32bit-2.9-3.3.1 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:63492 | P | libreoffice-7.1.2.2-2.3 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:62115 | P | libHX-devel-3.22-1.26 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:62309 | P | python3-salt-3002.2-6.1 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:60317 | P | Security update for linuxptp (Important) | 2021-07-28
    oval:org.opensuse.security:def:64541 | P | Security update for qemu (Moderate) | 2021-06-30
    oval:org.opensuse.security:def:62873 | P | perl-PerlMagick-7.0.7.34-1.6 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:64496 | P | Security update for openvpn (Moderate) | 2021-05-12
    oval:org.opensuse.security:def:59718 | P | Security update for sudo (Important) | 2021-04-20
    oval:org.opensuse.security:def:63152 | P | grub2-x86_64-xen-2.02-17.4 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:62673 | P | libid3tag0-0.15.1b-3.14 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:62696 | P | librsvg-devel-2.46.4-1.31 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:63588 | P | libotr-devel-4.1.1-2.3 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:62649 | P | libIlmImf-2_2-23-2.2.1-3.14.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:62672 | P | libical-devel-3.0.6-2.56 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:63117 | P | python-azure-agent-2.2.45-3.6.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:63085 | P | ntp-4.2.8p13-4.6.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:61842 | P | libminizip1-1.2.11-3.12.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:62968 | P | ocaml-4.05.0-13.5 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:63295 | P | python3-pywbem-0.11.0-2.21 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:62439 | P | libexiv2-26-0.26-4.31 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:63294 | P | postgresql10-contrib-10.12-8.13.10 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:59129 | P | Security update for libseccomp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:64179 | P | Security update for kernel-firmware (Important) | 2020-12-01
    oval:org.opensuse.security:def:26490 | P | Security update for pdns (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:60018 | P | Security update for qemu (Important) | 2020-12-01
    oval:org.opensuse.security:def:74481 | P | Security update for cloud-init (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:63938 | P | Security update for Mesa (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:60649 | P | Security update for samba (Important) | 2020-12-01
    oval:org.opensuse.security:def:64842 | P | Security update for bzip2 (Important) | 2020-12-01
    oval:org.opensuse.security:def:25119 | P | Security update for libssh2_org (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25618 | P | Security update for python3 (Important) | 2020-12-01
    oval:org.opensuse.security:def:59106 | P | Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) | 2020-12-01
    oval:org.opensuse.security:def:63718 | P | Security update for java-1_8_0-ibm (Important) | 2020-12-01
    oval:org.opensuse.security:def:25817 | P | Security update for pidgin-otr (Important) | 2020-12-01
    oval:org.opensuse.security:def:64429 | P | pam_yubico on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:60529 | P | radvd on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:60767 | P | Security update for pdns (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:74954 | P | Security update for squid (Important) | 2020-12-01
    oval:org.opensuse.security:def:25384 | P | Security update for java-1_7_1-ibm (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25759 | P | Security update for icu (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:59285 | P | Security update for java-1_8_0-ibm (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:74607 | P | Security update for pdns (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:64167 | P | Security update for samba (Important) | 2020-12-01
    oval:org.opensuse.security:def:60738 | P | Security update for libX11 (Important) | 2020-12-01
    oval:org.opensuse.security:def:64900 | P | Security update for binutils (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25246 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:25671 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:59107 | P | Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) | 2020-12-01
    oval:org.opensuse.security:def:64045 | P | Security update for tomcat (Important) | 2020-12-01
    oval:org.opensuse.security:def:26455 | P | Security update for chromium (Important) | 2020-12-01
    oval:org.opensuse.security:def:63791 | P | Security update for gpg2 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:60611 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01
    oval:org.opensuse.security:def:64285 | P | kdump on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25055 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:75087 | P | Security update for pdns (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25468 | P | Security update for libarchive (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25773 | P | Security update for flash-player (Important) | 2020-12-01
    oval:org.opensuse.security:def:64387 | P | libsqlite3-0 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:60688 | P | Security update for squid (Important) | 2020-12-01
    oval:org.opensuse.security:def:25044 | P | Security update for dhcp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:65012 | P | Security update for postgresql12 (Important) | 2020-12-01
    oval:org.opensuse.security:def:25327 | P | Security update for MozillaFirefox (Important) | 2020-12-01
    oval:org.opensuse.security:def:100239 | P | (Moderate) | 2020-11-02
    oval:org.opensuse.security:def:88040 | P | Security update for pdns (Moderate) | 2020-09-29
    oval:org.opensuse.security:def:109718 | P | Security update for pdns (Moderate) | 2020-09-28
    oval:org.opensuse.security:def:110231 | P | Security update for pdns (Moderate) | 2020-09-28
    oval:org.opensuse.security:def:93526 | P | Security update for pdns (Moderate) | 2020-09-28
    oval:org.opensuse.security:def:110782 | P | Security update for pdns (Moderate) | 2020-09-28
    oval:org.opensuse.security:def:96371 | P | Security update for pdns (Moderate) | 2020-09-28
    oval:org.opensuse.security:def:103061 | P | Security update for pdns (Moderate) | 2020-09-28
    oval:org.opensuse.security:def:84033 | P | Security update for pdns (Moderate) | 2020-09-23
    powerdns authoritative *