An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR.
This issue has been assigned CVE-2020-17482.
PowerDNS Authoritative up to and including version 4.3.0 are affected. Please note that at the time of writing, PowerDNS Authoritative 4.0 and below are no longer supported, as described in https://doc.powerdns.com/authoritative/appendices/EOL.html.
We would like to thank Nathaniel Ferguson for finding and subsequently reporting this issue!