CVE-2016-2120

MEDIUM Year: 2016
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-190
View all →

Vulnerability Description

An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.

Related Vulnerabilities

CVE-2010-4653

MEDIUM
CVSS:6.5(Medium)

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

CWE-1902010

CVE-2016-10507

MEDIUM
CVSS:6.5(Medium)

Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application c...

CWE-1902016

CVE-2016-5223

MEDIUM
CVSS:6.5(Medium)

Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a...

CWE-1902016

CVE-2016-5844

MEDIUM
CVSS:6.5(Medium)

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

CWE-1902016

CVE-2016-6177

MEDIUM
CVSS:6.5(Medium)

The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk ...

CWE-1902016

CVE-2017-10791

MEDIUM
CVSS:6.5(Medium)

There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPS...

CWE-1902017