CVE-2023-26437 Deterred spoofing attempts can lead to authoritative servers being marked unavailable

🗓️ 04 Apr 2023 14:37:29Reported by OXType

Denial of service vulnerability in PowerDNS Recurso

Reporter	Title	Published	Views	Family All 35
BDU FSTEC	The vulnerability of the PowerDNS Recursor DNS server stems from the practice of marking authoritative servers as unavailable, allowing attackers to trigger a service failure.	16 Nov 202300:00	–	bdu_fstec
CNNVD	PowerDNS Recursor 安全漏洞	4 Apr 202300:00	–	cnnvd
CVE	CVE-2023-26437	4 Apr 202314:37	–	cve
FreeBSD	powerdns-recursor -- denial of service	29 Mar 202300:00	–	freebsd
Debian CVE	CVE-2023-26437	4 Apr 202314:37	–	debiancve
EUVD	EUVD-2023-30257	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 38 Update: pdns-recursor-4.8.4-1.fc38	15 Apr 202302:16	–	fedora
Fedora	[SECURITY] Fedora 37 Update: pdns-recursor-4.8.4-1.fc37	13 Apr 202301:54	–	fedora
Tenable Nessus	Fedora 37 : pdns-recursor (2023-0c1aaa76b6)	13 Apr 202300:00	–	nessus
Tenable Nessus	Fedora 38 : pdns-recursor (2023-680b2e6af5)	15 Apr 202300:00	–	nessus

[
  {
    "defaultStatus": "affected",
    "product": "Recursor",
    "vendor": "PowerDNS",
    "versions": [
      {
        "lessThanOrEqual": "4.6.5",
        "status": "affected",
        "version": "0",
        "versionType": "range"
      },
      {
        "lessThanOrEqual": "4.7.4",
        "status": "affected",
        "version": "0",
        "versionType": "range"
      },
      {
        "lessThanOrEqual": "4.8.3",
        "status": "affected",
        "version": "0",
        "versionType": "range"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/
docs	www.docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/

15 Apr 2023 03:07Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.13.4

EPSS0.00011