CVE-2016-7072

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-7072
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7072.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-7072
Downstream
Related
Published
2018-09-10T17:29:00.193Z
Modified
2026-02-06T03:59:04.194189Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.

References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type
GIT
Repo
https://github.com/powerdns/pdns
Events
Fixed
06ede1f2c905091585c1adfc4eb9208e256fcb3b
Introduced
ba64cecd417688dc39c75e92f1a23b91f7f46d64
Fixed
9d7fd146ebfcb2aa657ff34dab0f116f824ba77a

Affected versions

auth-4.*
auth-4.0.0
auth-4.0.1
rec-4.*
rec-4.0.0
rec-4.0.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7072.json"