CVE-2017-15094

Summary

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).

Affected Software

VendorProductVersion RangeStatus
PowerDNSPowerDNS Recursorfrom 4.0.0 up to and including 4.0.6affected

Weaknesses

  • CWE-401: CWE-401

ADP Enrichment

CVE Program Container

Additional References

References