Previous topic

PowerDNS Security Advisory 2020-02: Insufficient validation of DNSSEC signatures

Next topic

PowerDNS Security Advisory 2020-04: Access restriction bypass

This Page

PowerDNS Security Advisory 2020-03: Information disclosure

  • CVE: CVE-2020-10030
  • Date: May 19th 2020
  • Affects: PowerDNS Recursor from 4.1.0 up to and including 4.3.0
  • Not affected: 4.3.1, 4.2.2, 4.1.16
  • Severity: Low
  • Impact: Information Disclosure, Denial of Service
  • Exploit: This problem can be triggered via a crafted hostname
  • Risk of system compromise: No
  • Solution: Upgrade to a non-affected version
  • Workaround: None

An issue has been found in PowerDNS Recursor allowing an attacker with enough privileges to change the system’s hostname to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not null-terminate the returned string if the hostname is larger than the supplied buffer. Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname is always null-terminated. Under some conditions this issue can lead to the writing of one null-byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.

This issue has been assigned CVE-2020-10030.

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 is affected.

Please note that at the time of writing, PowerDNS Recursor 4.0 and below are no longer supported, as described in https://doc.powerdns.com/recursor/appendices/EOL.html.

We would like to thank Valentei Sergey for finding and subsequently reporting this issue!