CVE-2006-4252

2006-11-1420:07:00

[email protected]

web.nvd.nist.gov

cve-2006-4252

powerdns recursor

denial of service

resource exhaustion

application crash

cname record

zero ttl

infinite loop

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.7%

JSON

PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.

Affected configurations

NVD

Node

powerdnsrecursorRange≤3.1.3

powerdnsrecursorMatch2.0_rc1

powerdnsrecursorMatch2.8

powerdnsrecursorMatch2.9.15

powerdnsrecursorMatch2.9.16

powerdnsrecursorMatch2.9.17

powerdnsrecursorMatch2.9.18

powerdnsrecursorMatch3.0

powerdnsrecursorMatch3.0.1

powerdnsrecursorMatch3.1

powerdnsrecursorMatch3.1.1

powerdnsrecursorMatch3.1.2

CPENameOperatorVersion
powerdns:recursorpowerdns recursorle3.1.3
powerdns:recursorpowerdns recursoreq2.0_rc1
powerdns:recursorpowerdns recursoreq2.8
powerdns:recursorpowerdns recursoreq2.9.15
powerdns:recursorpowerdns recursoreq2.9.16
powerdns:recursorpowerdns recursoreq2.9.17
powerdns:recursorpowerdns recursoreq2.9.18
powerdns:recursorpowerdns recursoreq3.0
powerdns:recursorpowerdns recursoreq3.0.1
powerdns:recursorpowerdns recursoreq3.1

CPE	Name	Operator	Version
powerdns:recursor	powerdns recursor	le	3.1.3
powerdns:recursor	powerdns recursor	eq	2.0_rc1
powerdns:recursor	powerdns recursor	eq	2.8
powerdns:recursor	powerdns recursor	eq	2.9.15
powerdns:recursor	powerdns recursor	eq	2.9.16
powerdns:recursor	powerdns recursor	eq	2.9.17
powerdns:recursor	powerdns recursor	eq	2.9.18
powerdns:recursor	powerdns recursor	eq	3.0
powerdns:recursor	powerdns recursor	eq	3.0.1
powerdns:recursor	powerdns recursor	eq	3.1