sischkg/xfer-limit

sischkg/xfer-limit

Releases0

Stars4

These patches provide the limitation of AXFR data size for "BIND", "NSD", "knot DNS", "PowerDNS" in Secondary DNS providers.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2016-6171 ↗	Feb 9, 2017Thursday, 9 February 2017, 15:59	8.6 HIGH	5 MEDIUM
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.
CVE-2016-6173 ↗	Feb 9, 2017Thursday, 9 February 2017, 15:59	—	7.8 HIGH
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.
CVE-2016-6172 ↗	Sep 26, 2016Monday, 26 September 2016, 16:59	—	7.1 HIGH
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
CVE-2016-6170 ↗	Jul 6, 2016Wednesday, 6 July 2016, 14:59	6.5 MEDIUM	4 MEDIUM
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.