{"id":"CVE-2016-2120","details":"An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.","modified":"2026-04-16T06:17:03.050915385Z","published":"2018-11-01T13:29:00.253Z","related":["openSUSE-SU-2024:11156-1","openSUSE-SU-2024:11157-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3764"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/powerdns/pdns","events":[{"introduced":"0"},{"last_affected":"225c3cfed68ac6f8bd3af413003ca0c46312ac5c"},{"introduced":"ba64cecd417688dc39c75e92f1a23b91f7f46d64"},{"last_affected":"c3a33379007e61752ab977eae8075d8a98529011"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.10"},{"introduced":"4.0.0"},{"last_affected":"4.0.1"}]}}],"versions":["auth-3.1-rc1","auth-3.1-rc2","auth-3.1-rc3","auth-3.2-rc1","auth-3.2-rc2","auth-3.2-rc3","auth-3.2-rc4","auth-3.4.0","auth-3.4.0-rc1","auth-3.4.0-rc2","auth-3.4.1","auth-3.4.10","auth-3.4.2","auth-3.4.3","auth-3.4.4","auth-3.4.5","auth-3.4.6","auth-3.4.7","auth-3.4.8","auth-3.4.9","auth-4.0.0","auth-4.0.1","rec-3-0","rec-3-0-1","rec-3.0","rec-3.0.1","rec-3.1.4","rec-3.3.1","rec-3.5","rec-3.5-rc1","rec-3.5-rc3","rec-3.5-rc4","rec-3.5-rc5","rec-3.6.0","rec-4.0.0","rec-4.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2120.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}