CVE-2009-4009

Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets.

Published: Jan 8, 2010
Updated: Apr 13, 2023
CVE: CVE-2009-4009
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
powerdns / recursor	3.1.7	3.1.7.x
powerdns / recursor	3.1	3.1.x
powerdns / recursor	2.9.18	2.9.18.x
powerdns / recursor	2.0_rc1	2.0_rc1.x
powerdns / recursor	3.1.2	3.1.2.x
powerdns / recursor	3.0	3.0.x
powerdns / recursor	2.9.15	2.9.15.x
powerdns / recursor	3.1.5	3.1.5.x
powerdns / recursor	3.1.1	3.1.1.x
powerdns / recursor	3.0.1	3.0.1.x
powerdns / recursor	-	3.1.7.2.x
powerdns / recursor	2.9.17	2.9.17.x
powerdns / recursor	3.1.7.1	3.1.7.1.x
powerdns / recursor	2.8	2.8.x
powerdns / recursor	3.1.3	3.1.3.x
powerdns / recursor	2.9.16	2.9.16.x
powerdns / recursor	3.1.4	3.1.4.x
powerdns / recursor	3.1.6	3.1.6.x

http://doc.powerdns.com/powerdns-advisory-2010-01.html
http://secunia.com/advisories/38004
http://secunia.com/advisories/38068
http://securitytracker.com/id?1023403
http://www.securityfocus.com/archive/1/508743/100/0/threaded
http://www.securityfocus.com/bid/37650
http://www.vupen.com/english/advisories/2010/0054
https://bugzilla.redhat.com/show_bug.cgi?id=552285
https://exchange.xforce.ibmcloud.com/vulnerabilities/55438
https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00217.html
https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00228.html

Vulnerability Database

289,599

CVE-2009-4009