{"id":"CVE-2016-7068","details":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.","modified":"2026-04-16T06:16:38.917285495Z","published":"2018-09-11T13:29:00.713Z","related":["openSUSE-SU-2024:11156-1","openSUSE-SU-2024:11157-1"],"references":[{"type":"ADVISORY","url":"https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3763"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3764"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/powerdns/pdns","events":[{"introduced":"0"},{"fixed":"06ede1f2c905091585c1adfc4eb9208e256fcb3b"},{"introduced":"ba64cecd417688dc39c75e92f1a23b91f7f46d64"},{"fixed":"9d7fd146ebfcb2aa657ff34dab0f116f824ba77a"},{"introduced":"0"},{"fixed":"ed2de597f393c7ab637d47effca441f973a279d8"},{"introduced":"ba64cecd417688dc39c75e92f1a23b91f7f46d64"},{"fixed":"9388f1be79e49a1def301dad55512d50637b4982"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.4.11"},{"introduced":"4.0.0"},{"fixed":"4.0.2"},{"introduced":"0"},{"fixed":"3.7.4"},{"introduced":"4.0.0"},{"fixed":"4.0.4"}]}}],"versions":["auth-3.1-rc1","auth-3.1-rc2","auth-3.1-rc3","auth-3.2-rc1","auth-3.2-rc2","auth-3.2-rc3","auth-3.2-rc4","auth-3.4.0","auth-3.4.0-rc1","auth-3.4.0-rc2","auth-3.4.1","auth-3.4.10","auth-3.4.2","auth-3.4.3","auth-3.4.4","auth-3.4.5","auth-3.4.6","auth-3.4.7","auth-3.4.8","auth-3.4.9","auth-4.0.0","auth-4.0.1","dnsdist-1.1.0-beta1","rec-3-0","rec-3-0-1","rec-3.0","rec-3.0.1","rec-3.1.4","rec-3.3.1","rec-3.5","rec-3.5-rc1","rec-3.5-rc3","rec-3.5-rc4","rec-3.5-rc5","rec-3.6.0","rec-3.7.0","rec-3.7.0-rc1","rec-3.7.0-rc2","rec-3.7.1","rec-3.7.2","rec-3.7.3","rec-4.0.0","rec-4.0.1","rec-4.0.2","rec-4.0.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7068.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}