A vulnerability was in found in PowerDNS Authoritative Server (from 3.3.0 up to and including 4.1.3) and PowerDNS Recursor (from 3.2 up to and including 4.1.3). The issue is a memory leak occurring while parsing some malformed records, due to the fact that some memory is allocated parsing a record and is not always properly released if the record is not valid.
In the authoritative server, it allows an authorized user to cause a denial of service by inserting specially crafted records in a zone under their control, then sending DNS queries for that zone.
In the recursor, it allows a malicious auth server to cause a denial of service by sending specially crafted records in response to a legitimate query by an authorized user.
References:
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.htmlhttps://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html