From: Otto Moerbeek Date: Fri, 20 Jan 2023 13:42:39 +0000 (+0100) Subject: Add a bit more explanation to advisory. X-Git-Tag: dnsdist-1.8.0-rc1~101^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ccd721602a6909bef0981c2807565d722b9f191d;p=thirdparty%2Fpdns.git Add a bit more explanation to advisory. Also, attribution line was lost. --- diff --git a/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst index d9a743b019..eba0c3189e 100644 --- a/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst +++ b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2023-01.rst @@ -11,6 +11,19 @@ PowerDNS Security Advisory 2023-01: unbounded recursion results in program termi - Risk of system compromise: None - Solution: Upgrade to patched version +An issue in the processing of queries for misconfigured domains has been found in PowerDNS Recursor +4.8.0, allowing a remote attacker to crash the recursor by sending a DNS query for one of these +domains. The issue happens because the recursor enters a unbounded loop, exceeding its stack +memory. Because of the specific way in which this issue happens, we do not believe this issue to be +exploitable for code execution. + +PowerDNS Recursor versions before 4.8.0 are not affected. + +Note that when the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a crash +will lead to an automatic restart, limiting the impact to a somewhat degraded service. + CVSS 3.0 score: 8.2 (High) https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:H/RL:U/RC:C +Thanks to applied-privacy.net for reporting this issue and their assistance in diagnosing it. +