Platform
linux
Component
powerdns-authoritative-server
Fixed in
4.1.11
4.0.9
CVE-2019-10162 affects PowerDNS Authoritative Server versions prior to 4.1.10. This vulnerability allows an authenticated user with control over a MASTER zone to induce the server to exit by crafting a malicious DNS record. The issue stems from an error handling flaw during the notification process, leading to a parsing error and subsequent server termination. A fix is available in version 4.1.10.
Successful exploitation of CVE-2019-10162 can lead to a denial-of-service (DoS) condition, effectively taking the PowerDNS Authoritative Server offline. An attacker, possessing the ability to modify records within a controlled zone, can craft a record that triggers a parsing error during the server's notification process. This abrupt termination disrupts DNS resolution services for any clients relying on the affected server, potentially impacting applications and services dependent on accurate DNS information. While the CVSS score is LOW, the impact can be significant in environments where high availability of DNS is critical.
CVE-2019-10162 was published on July 30, 2019. There is no indication of this vulnerability being actively exploited in the wild. It is not currently listed on KEV or EPSS. Public proof-of-concept (POC) code is not widely available, suggesting a relatively low exploitation probability.
Exploit Status
EPSS
0.01% (1% percentile)
CVSS Vector
The primary mitigation for CVE-2019-10162 is to upgrade to PowerDNS Authoritative Server version 4.1.10 or later. If immediate upgrading is not feasible, consider implementing stricter access controls to limit the ability of users to modify MASTER zone records. Review and audit existing zone configurations to identify any potential vulnerabilities. While a WAF is unlikely to directly address this issue, ensuring proper input validation within your DNS management tools can help prevent malicious record creation. After upgrading, confirm the server is functioning correctly by performing a DNS lookup and verifying that the server responds as expected.
Actualice PowerDNS Authoritative Server a la versión 4.1.10 o 4.0.8, o posterior, para corregir la vulnerabilidad. Esto evitará que un usuario autorizado cause la salida del servidor insertando un registro manipulado en una zona de tipo MASTER.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2019-10162 is a vulnerability in PowerDNS Authoritative Server versions before 4.1.10 that allows an authorized user to cause the server to exit by inserting a crafted record in a MASTER zone.
You are affected if you are running PowerDNS Authoritative Server versions 4.1.10 or earlier. Check your version using powerdns --version.
Upgrade to PowerDNS Authoritative Server version 4.1.10 or later to resolve this vulnerability. Review zone permissions to limit user access.
There is no public evidence of CVE-2019-10162 being actively exploited in the wild at this time.
Refer to the PowerDNS security advisory for detailed information: https://lists.powerdns.com/pipermail/announce/2019/000065.html
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.