Add a bit more explanation to advisory.

Also, attribution line was lost.

diff --git a/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst
index d9a743b01915cc2d893a8f0ab381e8b94e87feea..eba0c3189e662ac0a345ce044710d78e9236944c 100644 (file)
--- a/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst
+++ b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst
@@ -11,6 +11,19 @@ PowerDNS Security Advisory 2023-01: unbounded recursion results in program termi
 - Risk of system compromise: None
 - Solution: Upgrade to patched version
 
+An issue in the processing of queries for misconfigured domains has been found in PowerDNS Recursor
+4.8.0, allowing a remote attacker to crash the recursor by sending a DNS query for one of these
+domains.  The issue happens because the recursor enters a unbounded loop, exceeding its stack
+memory. Because of the specific way in which this issue happens, we do not believe this issue to be
+exploitable for code execution.
+
+PowerDNS Recursor versions before 4.8.0 are not affected.
+
+Note that when the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a crash
+will lead to an automatic restart, limiting the impact to a somewhat degraded service.
+
 CVSS 3.0 score: 8.2 (High)
 https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:H/RL:U/RC:C
 
+Thanks to applied-privacy.net for reporting this issue and their assistance in diagnosing it.
+