{"id":"CVE-2016-6172","details":"PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.","modified":"2026-04-16T06:20:33.302802657Z","published":"2016-09-26T16:59:04.947Z","related":["openSUSE-SU-2024:10136-1","openSUSE-SU-2024:10537-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/91678"},{"type":"WEB","url":"http://www.securitytracker.com/id/1036242"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3664"},{"type":"ADVISORY","url":"https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"},{"type":"ADVISORY","url":"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"},{"type":"REPORT","url":"https://github.com/PowerDNS/pdns/issues/4128"},{"type":"REPORT","url":"https://github.com/PowerDNS/pdns/issues/4133"},{"type":"REPORT","url":"https://github.com/PowerDNS/pdns/pull/4134"},{"type":"FIX","url":"https://github.com/sischkg/xfer-limit/blob/master/README.md"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2016/07/06/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/powerdns/pdns","events":[{"introduced":"0"},{"last_affected":"ba64cecd417688dc39c75e92f1a23b91f7f46d64"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.0"}]}}],"versions":["auth-3.1-rc1","auth-3.1-rc2","auth-3.1-rc3","auth-3.2-rc1","auth-3.2-rc2","auth-3.2-rc3","auth-3.2-rc4","auth-3.4.0","auth-3.4.0-rc1","auth-3.4.0-rc2","auth-4.0.0","auth-4.0.0-alpha1","auth-4.0.0-alpha2","auth-4.0.0-alpha3","auth-4.0.0-beta1","auth-4.0.0-rc1","auth-4.0.0-rc2","dnsdist-1.0.0","dnsdist-1.0.0-alpha1","dnsdist-1.0.0-alpha2","dnsdist-1.0.0-beta1","rec-3-0","rec-3-0-1","rec-3.0","rec-3.0.1","rec-3.1.4","rec-3.3.1","rec-3.5","rec-3.5-rc1","rec-3.5-rc3","rec-3.5-rc4","rec-3.5-rc5","rec-3.6.0","rec-4.0.0","rec-4.0.0-alpha1","rec-4.0.0-alpha2","rec-4.0.0-alpha3","rec-4.0.0-beta1","rec-4.0.0-rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"42.1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6172.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}]}