CVE-2021-36754

CVE-2021-36754

Name

CVE-2021-36754

Description

PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MLIST	http://www.openwall.com/lists/oss-security/2021/07/26/2
CONFIRM	https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html
MISC	https://doc.powerdns.com/authoritative/security-advisories/index.html

Type

URI

MLIST

http://www.openwall.com/lists/oss-security/2021/07/26/2

CONFIRM

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html

MISC

https://doc.powerdns.com/authoritative/security-advisories/index.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:powerdns:authoritative_server::::::::`	authoritative_server	>= 4.5.0	< 4.5.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*

authoritative_server

>= 4.5.0

< 4.5.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
pdns	edge-community	4.5.1-r0	Peter van Dijk <peter.van.dijk@powerdns.com>	fixed
pdns	3.22-community	4.5.1-r0	None	fixed
pdns	3.21-community	4.5.1-r0	None	fixed
pdns	3.20-community	4.5.1-r0	None	fixed
pdns	3.19-community	4.5.1-r0	None	fixed
pdns	3.18-community	4.5.1-r0	None	fixed
pdns	3.17-community	4.5.1-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

pdns

edge-community

4.5.1-r0

Peter van Dijk <peter.van.dijk@powerdns.com>

fixed

pdns

3.22-community