CVE-2017-15120

Name: CVE-2017-15120
Creator: NVD / NIST
Published: 2018-07-27T15:29:00.343+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 51.79%

Last modified Jun 17, 2026

CVE-2017-15120 is a vulnerability of currently unknown severity. An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.. EPSS estimates a 51.79% chance of exploitation in the next 30 days.

Description

An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.

Metrics

EPSS Probability

51.79%

98.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Powerdns	Recursor	< 4.0.8
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0

References

http://seclists.org/oss-sec/2017/q4/382Mailing List, Patch, Third Party Advisory
http://www.securityfocus.com/bid/106335Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120Issue Tracking, Third Party Advisory
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.htmlPatch, Vendor Advisory
https://www.debian.org/security/2017/dsa-4063Third Party Advisory
http://seclists.org/oss-sec/2017/q4/382Mailing List, Patch, Third Party Advisory
http://www.securityfocus.com/bid/106335Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120Issue Tracking, Third Party Advisory
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.htmlPatch, Vendor Advisory
https://www.debian.org/security/2017/dsa-4063Third Party Advisory

Timeline

Published: Jul 27, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-15120?

How severe is CVE-2017-15120?

Severity scoring for CVE-2017-15120 is pending analysis. The EPSS model estimates a 51.79% probability of exploitation in the next 30 days.

How do I fix CVE-2017-15120?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15120?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST