What is CVE-2020-10030?

CVE-2020-10030 is a vulnerability found in PowerDNS Recursor 4.1.0 up to and including 4.3.0 that allows an attacker to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read.

How severe is CVE-2020-10030?

CVE-2020-10030 has a severity rating of 8.8 (high).

Which software versions are affected by CVE-2020-10030?

PowerDNS Recursor versions 4.1.0 to 4.3.0 are affected by CVE-2020-10030.

How can an attacker exploit CVE-2020-10030?

An attacker with enough privileges to change the system's hostname can exploit CVE-2020-10030 to cause disclosure of uninitialized memory content.

Are there any references for CVE-2020-10030?

Yes, you can find references for CVE-2020-10030 at the following links: [link1](http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html), [link2](https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html), [link3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/)

Vulnerability/
CVE-2020-10030

high

8.8

CWE

125

19/5/2020

4/8/2024

CVE-2020-10030

First published: Tue May 19 2020(Updated: )

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PowerDNS	>=4.1.0<=4.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-10030?
CVE-2020-10030 is a vulnerability found in PowerDNS Recursor 4.1.0 up to and including 4.3.0 that allows an attacker to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read.
How severe is CVE-2020-10030?
CVE-2020-10030 has a severity rating of 8.8 (high).
Which software versions are affected by CVE-2020-10030?
PowerDNS Recursor versions 4.1.0 to 4.3.0 are affected by CVE-2020-10030.
How can an attacker exploit CVE-2020-10030?
An attacker with enough privileges to change the system's hostname can exploit CVE-2020-10030 to cause disclosure of uninitialized memory content.
Are there any references for CVE-2020-10030?
Yes, you can find references for CVE-2020-10030 at the following links: [link1](http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html), [link2](https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html), [link3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/)

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/weakness
agent/last-modified-date
agent/description
agent/first-publish-date
agent/author
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/powerdns
canonical/powerdns
version/powerdns/4.1.0
version/powerdns/4.3.0