{"id":"CVE-2016-7073","details":"An issue has been found in PowerDNS before 3.4.11 and 4.0.x before 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in a man-in-the-middle position to alter the content of an AXFR because of insufficient validation of TSIG signatures. AXFRRetriever did not check the TSIG time and fudge values, making a replay attack possible: a validly signed message captured earlier would still be accepted after its signing-time window had passed.","modified":"2026-04-16T06:20:11.341239303Z","published":"2018-09-11T13:29:01.057Z","related":["openSUSE-SU-2024:11156-1"],"references":[{"type":"ADVISORY","url":"https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3764"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/powerdns/pdns","events":[{"introduced":"0"},{"fixed":"06ede1f2c905091585c1adfc4eb9208e256fcb3b"},{"introduced":"ba64cecd417688dc39c75e92f1a23b91f7f46d64"},{"fixed":"9d7fd146ebfcb2aa657ff34dab0f116f824ba77a"},{"introduced":"0"},{"fixed":"ed2de597f393c7ab637d47effca441f973a279d8"},{"introduced":"ba64cecd417688dc39c75e92f1a23b91f7f46d64"},{"fixed":"9388f1be79e49a1def301dad55512d50637b4982"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.4.11"},{"introduced":"4.0.0"},{"fixed":"4.0.2"},{"introduced":"0"},{"fixed":"3.7.4"},{"introduced":"4.0.0"},{"fixed":"4.0.4"}]}}],"versions":["auth-3.1-rc1","auth-3.1-rc2","auth-3.1-rc3","auth-3.2-rc1","auth-3.2-rc2","auth-3.2-rc3","auth-3.2-rc4","auth-3.4.0","auth-3.4.0-rc1","auth-3.4.0-rc2","auth-3.4.1","auth-3.4.10","auth-3.4.2","auth-3.4.3","auth-3.4.4","auth-3.4.5","auth-3.4.6","auth-3.4.7","auth-3.4.8","auth-3.4.9","auth-4.0.0","auth-4.0.1","dnsdist-1.1.0-beta1","rec-3-0","rec-3-0-1","rec-3.0","rec-3.0.1","rec-3.1.4","rec-3.3.1","rec-3.5","rec-3.5-rc1","rec-3.5-rc3","rec-3.5-rc4","rec-3.5-rc5","rec-3.6.0","rec-3.7.0","rec-3.7.0-rc1","rec-3.7.0-rc2","rec-3.7.1","rec-3.7.2","rec-3.7.3","rec-4.
0.0","rec-4.0.1","rec-4.0.2","rec-4.0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7073.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}