Vulnerability Details CVE-2017-15094
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.2%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2017-15094
-
cpe:2.3:a:powerdns:recursor:4.0.0
-
cpe:2.3:a:powerdns:recursor:4.0.1
-
cpe:2.3:a:powerdns:recursor:4.0.2
-
cpe:2.3:a:powerdns:recursor:4.0.3
-
cpe:2.3:a:powerdns:recursor:4.0.4
-
cpe:2.3:a:powerdns:recursor:4.0.5
-
cpe:2.3:a:powerdns:recursor:4.0.6