CVE-2021-36754 PoC — PowerDNS Authoritative Server 缓冲区错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2021/CVE-2021-36754.yaml

Associated Vulnerability

Title:PowerDNS Authoritative Server 缓冲区错误漏洞 (CVE-2021-36754)
Description:Powerdns PowerDNS Authoritative Server是荷兰PowerDNS（Powerdns）公司的一款DNS服务器。 PowerDNS Authoritative Server存在缓冲区错误漏洞，该漏洞的存在是由于处理DNS查询时的边界条件。远程攻击者可利用该漏洞可以使用QTYPE 65535发送一个特别设计的查询，触发边界读取错误并执行拒绝服务(DoS)攻击。该漏洞允许远程攻击者可利用该漏洞执行拒绝服务(DoS)攻击。

Description

PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.

File Snapshot


 id: CVE-2021-36754

info:
  name: PowerDNS Authoritative Server - Denial of Service
  author: daffai

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!