Latest powerdns recursor Vulnerabilities

CVE-2023-50387
Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2022
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2022, 23H2 Edition
Microsoft Windows Server 2022
and 58 more
CVE-2023-26437
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.
PowerDNS Recursor<4.6.6
PowerDNS Recursor>=4.7.0<4.7.5
PowerDNS Recursor>=4.8.0<4.8.4
CVE-2023-22617
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fa...
PowerDNS Recursor=4.8.0
CVE-2022-37428
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS qu...
PowerDNS Recursor>=4.5.0<4.5.10
PowerDNS Recursor>=4.6.0<4.6.3
PowerDNS Recursor>=4.7.0<4.7.2
Fedoraproject Fedora=36
CVE-2022-27227
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an ...
PowerDNS Authoritative Server<4.4.3
PowerDNS Authoritative Server>=4.5.0<4.5.4
PowerDNS Authoritative Server>=4.6.0<4.6.1
PowerDNS Recursor<4.4.8
PowerDNS Recursor>=4.5.0<4.5.8
PowerDNS Recursor>=4.6.0<4.6.1
and 3 more
CVE-2020-25829
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSE...
PowerDNS Recursor<4.1.18
PowerDNS Recursor>=4.2.0<4.2.5
PowerDNS Recursor>=4.3.0<4.3.5
openSUSE Backports SLE=15.0-sp1
openSUSE Backports SLE=15.0-sp2
openSUSE Leap=15.1
and 1 more
CVE-2020-14196
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
PowerDNS Recursor<=4.1.16
PowerDNS Recursor>=4.2.0<=4.2.2
PowerDNS Recursor>=4.3.0<=4.3.1
CVE-2020-10995
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recur...
PowerDNS Recursor>=4.1.0<=4.3.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Debian Debian Linux=10.0
openSUSE Backports SLE=15.0-sp1
openSUSE Leap=15.1
and 1 more
CVE-2020-10030
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory...
PowerDNS Recursor>=4.1.0<=4.3.0
CVE-2020-12244
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowi...
PowerDNS Recursor>=4.1.0<=4.3.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Debian Debian Linux=10.0
openSUSE Backports SLE=15.0-sp1
openSUSE Leap=15.1
and 1 more
CVE-2019-3807
PowerDNS Recursor>=4.1.0<=4.1.8
CVE-2018-16855
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packe...
PowerDNS Recursor<4.1.8
CVE-2018-14644
PowerDNS Recursor>=4.0.0<=4.1.4
CVE-2016-7074
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insuff...
PowerDNS Authoritative<3.4.11
PowerDNS Authoritative>=4.0.0<4.0.2
PowerDNS Recursor<4.0.4
Debian Debian Linux=8.0
debian/pdns
debian/pdns-recursor
CVE-2016-7073
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insuff...
PowerDNS Authoritative<3.4.11
PowerDNS Authoritative>=4.0.0<4.0.2
PowerDNS Recursor<3.7.4
PowerDNS Recursor>=4.0.0<4.0.4
Debian Debian Linux=8.0
debian/pdns
and 1 more
CVE-2016-7068
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerD...
PowerDNS Authoritative<3.4.11
PowerDNS Authoritative>=4.0.0<4.0.2
PowerDNS Recursor<3.7.4
PowerDNS Recursor>=4.0.0<4.0.4
Debian Debian Linux=8.0
debian/pdns
and 1 more
CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a...
debian/pdns-recursor
PowerDNS Recursor<4.0.8
Debian Debian Linux=8.0
Debian Debian Linux=9.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203