Previous topic

PowerDNS Security Advisory 2019-03: Insufficient validation in the HTTP remote backend

Next topic

PowerDNS Security Advisory 2019-05: Denial of service via NOTIFY packets

This Page

PowerDNS Security Advisory 2019-04: Denial of service via crafted zone records

  • CVE: CVE-2019-10162
  • Date: June 21st 2019
  • Affects: PowerDNS Authoritative up to and including 4.1.9
  • Not affected: 4.1.10, 4.0.8
  • Severity: Medium
  • Impact: Denial of Service
  • Exploit: This problem can be triggered via crafted records
  • Risk of system compromise: No
  • Solution: Upgrade to a non-affected version
  • Workaround: run the process inside the guardian or inside a supervisor

An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

This issue has been assigned CVE-2019-10162.

PowerDNS Authoritative up to and including 4.1.9 is affected. Please note that at the time of writing, PowerDNS Authoritative 3.4 and below are no longer supported, as described in

We would like to thank Gert van Dijk for finding and subsequently reporting this issue!