{"id":"CVE-2017-15120","details":"An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.","modified":"2026-03-20T11:19:21.429773Z","published":"2018-07-27T15:29:00.343Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106335"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4063"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120"},{"type":"FIX","url":"http://seclists.org/oss-sec/2017/q4/382"},{"type":"FIX","url":"https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/powerdns/pdns","events":[{"introduced":"0"},{"fixed":"fdd1fca63fc4949984b501ed1bca8fa01a23fc61"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.0.8"}]}}],"versions":["auth-3.1-rc1","auth-3.1-rc2","auth-3.1-rc3","auth-3.2-rc1","auth-3.2-rc2","auth-3.2-rc3","auth-3.2-rc4","auth-3.3","auth-3.3-rc1","auth-3.3-rc2","auth-3.4.0","auth-3.4.0-rc1","auth-3.4.0-rc2","auth-4.0.0","auth-4.0.0-alpha1","auth-4.0.0-alpha2","auth-4.0.0-alpha3","auth-4.0.0-beta1","auth-4.0.0-rc1","auth-4.0.0-rc2","auth-4.0.1","dnsdist-1.0.0","dnsdist-1.0.0-alpha1","dnsdist-1.0.0-alpha2","dnsdist-1.0.0-beta1","dnsdist-1.1.0-beta1","rec-3-0","rec-3-0-1","rec-3.0","rec-3.0.1","rec-3.1.4","rec-3.3.1","rec-3.5","rec-3.5-rc1","rec-3.5-rc3","rec-3.5-rc4","rec-3.5-rc5","rec-3.6.0","rec-3.6.0-rc1","rec-3.7.0","rec-3.7.0-rc1","rec-3.7.0-rc2","rec-4.0.0","rec-4.0.0-alpha1","rec-4.0.0-alpha2","rec-4.0.0-alpha3","rec-4.0.0-beta1","rec-4.0.0-rc1","rec-4.0.1","rec-4.0.2","rec-4.0.3","rec-4.0.4","rec-4.0.5","rec-4.0.5-rc1","rec-4.0.5-rc2","rec-4.0.6","rec-4.0.7"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15120.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}