CVE-2020-17482

Vulnerability from cvelistv5

Published

2020-10-02 08:21

Modified

2024-08-04 14:00

Severity ?

Summary

References

URL	Tags
cve@mitre.org	https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html	Vendor Advisory
cve@mitre.org	https://github.com/PowerDNS/pdns	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202012-18	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/PowerDNS/pdns	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202012-18	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:00:47.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/PowerDNS/pdns"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
          },
          {
            "name": "GLSA-202012-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202012-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-23T21:06:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/PowerDNS/pdns"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
        },
        {
          "name": "GLSA-202012-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202012-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-17482",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/PowerDNS/pdns",
              "refsource": "MISC",
              "url": "https://github.com/PowerDNS/pdns"
            },
            {
              "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html",
              "refsource": "CONFIRM",
              "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
            },
            {
              "name": "GLSA-202012-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202012-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-17482",
    "datePublished": "2020-10-02T08:21:09",
    "dateReserved": "2020-08-11T00:00:00",
    "dateUpdated": "2024-08-04T14:00:47.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-17482\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-10-02T09:15:13.570\",\"lastModified\":\"2024-11-21T05:08:12.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un problema en PowerDNS Authoritative Server versiones anteriores a 4.3.1, donde un usuario autorizado con la capacidad de insertar registros dise\u00f1ados en una zona podr\u00eda filtrar el contenido de la memoria no inicializada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.1\",\"matchCriteriaId\":\"74DB9DF5-6F28-435D-907D-1CD0F1D1591E\"}]}]}],\"references\":[{\"url\":\"https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/PowerDNS/pdns\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202012-18\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/PowerDNS/pdns\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202012-18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. PowerDNS Authoritative Server Contains an information disclosure vulnerability.Information may be obtained. PowerDNS Authoritative Server is a DNS server of Dutch PowerDNS company.

Background

The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture.

Affected packages

 -------------------------------------------------------------------
  Package              /     Vulnerable     /            Unaffected
 -------------------------------------------------------------------

1 net-dns/pdns < 4.3.1 >= 4.3.1

Description

It was discovered that PowerDNS did not properly handle certain unknown records. Crafted records cannot be inserted via AXFR.

Workaround

Do not take zone data from untrusted users.

Resolution

All PowerDNS users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/pdns-4.3.1"

References

[ 1 ] CVE-2020-17482 https://nvd.nist.gov/vuln/detail/CVE-2020-17482 [ 2 ] PowerDNS Security Advisory 2020-05

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202012-18

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0408",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "authoritative",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "powerdns",
        "version": "4.3.1"
      },
      {
        "model": "authoritative server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "powerdns",
        "version": null
      },
      {
        "model": "authoritative server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "powerdns",
        "version": "4.3.1  less than"
      },
      {
        "model": "authoritative server",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "powerdns",
        "version": "4.3.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17482"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-17482",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-17482",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-57064",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-17482",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2020-17482",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-17482",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-17482",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-57064",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202009-1634",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17482"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. PowerDNS Authoritative Server Contains an information disclosure vulnerability.Information may be obtained. PowerDNS Authoritative Server is a DNS server of Dutch PowerDNS company. \n\nBackground\n==========\n\nThe PowerDNS nameserver is an authoritative-only nameserver which uses\na flexible backend architecture. \n\nAffected packages\n=================\n\n     -------------------------------------------------------------------\n      Package              /     Vulnerable     /            Unaffected\n     -------------------------------------------------------------------\n   1  net-dns/pdns                 \u003c 4.3.1                    \u003e= 4.3.1\n\nDescription\n===========\n\nIt was discovered that PowerDNS did not properly handle certain unknown\nrecords. \nCrafted records cannot be inserted via AXFR. \n\nWorkaround\n==========\n\nDo not take zone data from untrusted users. \n\nResolution\n==========\n\nAll PowerDNS users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=net-dns/pdns-4.3.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-17482\n       https://nvd.nist.gov/vuln/detail/CVE-2020-17482\n[ 2 ] PowerDNS Security Advisory 2020-05\n \nhttps://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  https://security.gentoo.org/glsa/202012-18\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-17482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "db": "PACKETSTORM",
        "id": "160711"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-17482",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012088",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160711",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "50576",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "db": "PACKETSTORM",
        "id": "160711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17482"
      }
    ]
  },
  "id": "VAR-202010-0408",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:29:27.861000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Leaking\u00a0uninitialised\u00a0memory\u00a0through\u00a0crafted\u00a0zone\u00a0records",
        "trust": 0.8,
        "url": "https://github.com/PowerDNS/pdns"
      },
      {
        "title": "Patch for PowerDNS Authoritative Server information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/236497"
      },
      {
        "title": "PowerDNS Authoritative Server Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131086"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-908",
        "trust": 1.0
      },
      {
        "problemtype": "information leak (CWE-200) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17482"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17482"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202012-18"
      },
      {
        "trust": 1.6,
        "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/powerdns/pdns"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/powerdns-information-disclosure-via-zone-records-33428"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/50576"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160711/gentoo-linux-security-advisory-202012-18.html"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "db": "PACKETSTORM",
        "id": "160711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17482"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "db": "PACKETSTORM",
        "id": "160711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17482"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "date": "2021-04-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "date": "2020-12-24T17:18:18",
        "db": "PACKETSTORM",
        "id": "160711"
      },
      {
        "date": "2020-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      },
      {
        "date": "2020-10-02T09:15:13.570000",
        "db": "NVD",
        "id": "CVE-2020-17482"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "date": "2021-04-23T08:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012088"
      },
      {
        "date": "2022-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      },
      {
        "date": "2024-11-21T05:08:12.210000",
        "db": "NVD",
        "id": "CVE-2020-17482"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PowerDNS Authoritative Server information disclosure vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57064"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1634"
      }
    ],
    "trust": 0.6
  }
}

gsd-2020-17482

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-17482

Aliases

CVE-2020-17482

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-17482",
    "description": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.",
    "id": "GSD-2020-17482",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-17482.html",
      "https://advisories.mageia.org/CVE-2020-17482.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-17482"
      ],
      "details": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.",
      "id": "GSD-2020-17482",
      "modified": "2023-12-13T01:21:50.138709Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-17482",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/PowerDNS/pdns",
            "refsource": "MISC",
            "url": "https://github.com/PowerDNS/pdns"
          },
          {
            "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html",
            "refsource": "CONFIRM",
            "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
          },
          {
            "name": "GLSA-202012-18",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202012-18"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-17482"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-908"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
            },
            {
              "name": "https://github.com/PowerDNS/pdns",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/PowerDNS/pdns"
            },
            {
              "name": "GLSA-202012-18",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202012-18"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-01-01T18:15Z",
      "publishedDate": "2020-10-02T09:15Z"
    }
  }
}

ghsa-rwvv-h93r-mw45

Vulnerability from github

Published

2022-05-24 17:29

Modified

2022-05-24 17:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-17482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-02T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.",
  "id": "GHSA-rwvv-h93r-mw45",
  "modified": "2022-05-24T17:29:59Z",
  "published": "2022-05-24T17:29:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17482"
    },
    {
      "type": "WEB",
      "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PowerDNS/pdns"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202012-18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-17482

Vulnerability from cvelistv5

var-202010-0408

Vulnerability from variot

Background

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

gsd-2020-17482

Vulnerability from gsd

ghsa-rwvv-h93r-mw45

Vulnerability from github

Tags

Sightings

Nomenclature