Candidate: CVE-2019-10162
PublicDate: 2019-07-30 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162
 https://www.openwall.com/lists/oss-security/2019/06/21/5
 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html
Description:
 A vulnerability has been found in PowerDNS Authoritative Server before
 versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to
 exit by inserting a crafted record in a MASTER type zone under their
 control. The issue is due to the fact that the Authoritative Server will
 exit when it runs into a parsing error while looking up the NS/A/AAAA
 records it is about to use for an outgoing notify.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_pdns:
upstream_pdns: needs-triage
precise/esm_pdns: DNE
trusty_pdns: ignored (out of standard support)
trusty/esm_pdns: DNE
xenial_pdns: ignored (end of standard support, was needs-triage)
bionic_pdns: needs-triage
cosmic_pdns: ignored (reached end-of-life)
disco_pdns: ignored (reached end-of-life)
eoan_pdns: not-affected (4.1.6-3build1)
focal_pdns: not-affected (4.1.6-3build1)
groovy_pdns: not-affected (4.1.6-3build1)
hirsute_pdns: not-affected (4.1.6-3build1)
impish_pdns: not-affected (4.1.6-3build1)
jammy_pdns: not-affected (4.1.6-3build1)
devel_pdns: not-affected (4.1.6-3build1)