An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | pdns-recursor | <Â 4.3.1-r0 | UNKNOWN |
Alpine | 3.10-community | noarch | pdns-recursor | <Â 4.1.16-r0 | UNKNOWN |
Alpine | 3.11-community | noarch | pdns-recursor | <Â 4.2.2-r0 | UNKNOWN |
Alpine | 3.12-community | noarch | pdns-recursor | <Â 4.3.1-r0 | UNKNOWN |
Alpine | 3.13-community | noarch | pdns-recursor | <Â 4.3.1-r0 | UNKNOWN |
Alpine | 3.14-community | noarch | pdns-recursor | <Â 4.3.1-r0 | UNKNOWN |
Alpine | 3.15-community | noarch | pdns-recursor | <Â 4.3.1-r0 | UNKNOWN |
Alpine | 3.16-community | noarch | pdns-recursor | <Â 4.3.1-r0 | UNKNOWN |
Alpine | 3.17-community | noarch | pdns-recursor | <Â 4.3.1-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | pdns-recursor | <Â 4.3.1-r0 | UNKNOWN |