An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | pdns-recursor | <Â 4.3.1-1 | pdns-recursor_4.3.1-1_all.deb |
Debian | 11 | all | pdns-recursor | <Â 4.3.1-1 | pdns-recursor_4.3.1-1_all.deb |
Debian | 10 | all | pdns-recursor | <Â 4.1.11-1+deb10u1 | pdns-recursor_4.1.11-1+deb10u1_all.deb |
Debian | 999 | all | pdns-recursor | <Â 4.3.1-1 | pdns-recursor_4.3.1-1_all.deb |
Debian | 13 | all | pdns-recursor | <Â 4.3.1-1 | pdns-recursor_4.3.1-1_all.deb |