Vulnerabilities in PowerDNS Authoritative Server

Updates 4.3.1, 4.2.3 and 4.1.14 of the authoritative DNS server PowerDNS Authoritative Server are available. They fix four vulnerabilities, two of which could potentially lead to remote execution of attacker code.

Vulnerabilities CVE-2020-24696, CVE-2020-24697 and CVE-2020-24698 affect the code that implements the GSS-TSIG key exchange mechanism. They appear only when PowerDNS is built with GSS-TSIG support ("--enable-experimental-gss-tsig", which is not used by default) and can be exploited by sending a specially crafted network packet. CVE-2020-24696 and CVE-2020-24698, caused by a race condition and a double free of memory, can lead to a crash or to execution of attacker code when processing requests with incorrectly formatted GSS-TSIG signatures. CVE-2020-24697 is limited to a denial of service. Because the GSS-TSIG code was not used by default, including in distribution packages, and potentially contains other problems, it was decided to remove it completely in the PowerDNS Authoritative 4.4.0 release.

CVE-2020-17482 can leak the contents of uninitialized process memory, but it occurs only when processing requests from authenticated users who are able to add new records to the DNS zones served by the server.

Source: opennet.ru
