50 matches found
CVE-2023-50868
CVE-2023-50868 is a DNSSEC-related denial of service issue (NSEC3 Closest Encloser proof) that can cause CPU exhaustion. The connected documents confirm impact on DNS implementations such as Unbound and BIND/BIND9 and describe the root cause as processors performing thousands of hash iterations f...
CVE-2023-50387
CVE-2023-50387 (KeyTrap) affects DNSSEC processing in DNS resolvers. Multiple advisories note excessive CPU/DoS risk when validating DNSKEY/RRSIG in zones with many records. Affected products include Bind (bind9) and Unbound across Linux distributions (e.g., AL2, AlmaLinux) with patches/released ...
CVE-2022-27227
CVE-2022-27227 affects PowerDNS, with the IXFR end-condition validation bug in both Authoritative Server (before 4.4.3, 4.5.x before 4.5.4, 4.6.x before 4.6.1) and Recursor (before 4.4.8, 4.5.x before 4.5.8, 4.6.x before 4.6.1). The issue allows an incomplete zone transfer to be misinterpreted as...
CVE-2020-10995
PowerDNS Recursor (PowerDNS Recursor 4.1.0–4.3.0) is affected by CVE-2020-10995. A DNS-protocol issue allows an attacker to use recursive resolvers to amplify traffic toward third-party authoritative name servers, potentially degrading service. Mitigations exist in PowerDNS Recursor 4.1.16, 4.2.2...
CVE-2020-10030
PowerDNS Recursor (versions 4.1.0–4.3.0) is affected by CVE-2020-10030. A stack-based out-of-bounds read occurs when an attacker with privileges to change the hostname triggers disclosure of uninitialized memory due to gethostname() not null-terminating the returned string for hostnames larger th...
CVE-2020-25829
PowerDNS Recursor (cve-2020-25829) affects versions prior to 4.1.18, 4.2.x prior to 4.2.5, and 4.3.x prior to 4.3.5. A remote attacker can make cached records for a name transition to the Bogus DNSSEC validation state via a DNS ANY query, causing denial of service for installations that always va...
CVE-2016-7068
PowerDNS (Authoritative Server and Recursor) pre-fix versions are affected by CVE-2016-7068, allowing remote, unauthenticated attackers to cause abnormal CPU usage by sending crafted DNS queries that trigger parsing of all records in a query, potentially leading to a partial DoS. Affected ranges ...
CVE-2020-14196
PowerDNS Recursor (pdns-recursor) is affected by CVE-2020-14196, where the ACL restricting access to the internal web server is not properly enforced in versions up to 4.3.1, 4.2.2 and 4.1.16. Several connected advisories confirm this issue and note that mitigations involve upgrading to a fixed p...
CVE-2020-12244
PowerDNS Recursor 4.1.0–4.3.0 contains an NXDOMAIN validation issue in SyncRes::processAnswer, where records in the NXDOMAIN response without an SOA are not properly validated, allowing a bypass of DNSSEC validation. Affects multiple distributions; fixes exist upstream in 4.2.x/4.3.x series and d...
CVE-2018-10851
PowerDNS Authoritative Server (versions 3.3.0–4.1.4, excluding 4.1.5 and 4.0.6) and PowerDNS Recursor (3.2–4.1.4, excluding 4.1.5 and 4.0.9) are affected by CVE-2018-10851 due to a memory leak when parsing malformed records, which can lead to remote denial of service. Multiple connected advisorie...
CVE-2019-3807
PowerDNS Recursor (4.1.x before 4.1.9) has a DNSSEC validation bypass in responses where AA=0; records in the answer section from authoritative servers were not properly validated. Public reports reference PowerDNS Recursor 4.1.9+ fixes, with Fedora/OpenSUSE advisories noting fixes in 2019 (and l...
CVE-2019-3806
PowerDNS Recursor (pdns-recursor) version range affected: after 4.1.3 up to before 4.1.9. The issue stems from Lua hooks not being properly applied to TCP queries in certain settings, potentially bypassing security policies enforced via Lua. Exploitation details are not provided in the supplied d...
CVE-2017-15120
CVE-2017-15120 affects PowerDNS Recursor prior to 4.0.8. The issue is a NULL pointer dereference caused while parsing authoritative answers, specifically when the response contains a CNAME of a different class than IN. An unauthenticated remote attacker can trigger a denial of service on vulnerab...
CVE-2023-26437
CVE-2023-26437 affects the PowerDNS Recursor. A Denial of Service vulnerability allows authoritative servers to be marked unavailable in Recursor versions up to 4.6.5, 4.7.4, and 4.8.3. Public details in connected advisories show remediation via updated Recursor release (e.g., 4.8.6) in SUSE/open...
CVE-2016-7074
CVE-2016-7074 affects PowerDNS (authoritative server and recursor): insufficient TSIG validation allows MITM to alter AXFR content due to missing check that the TSIG record is last, enabling parsing of records outside the TSIG scope. Affected: PowerDNS versions before 3.4.11/4.0.2 and recursor be...
CVE-2016-7073
PowerDNS (authoritative server and recursor) prior to versions 3.4.11/4.0.2 and 4.0.4 respectively had a vulnerability CVE-2016-7073 where TSIG signatures were insufficiently validated during AXFR, due to a missing check of TSIG time and fudge values in AXFRRetriever. This allowed an attacker in ...
CVE-2018-14626
CVE-2018-14626 affects PowerDNS: Authoritative Server 4.1.0–4.1.4 and Recursor 4.0.0–4.1.4 are vulnerable to packet cache pollution via crafted query, causing denial of service. Exploitation status not detailed in the provided docs. Remediation is to apply the vendor advisories/updates (e.g., Ubu...
CVE-2017-15092
CVE-2017-15092 affects PowerDNS Recursor web interface (4.0.0–4.0.6): the qname field in DNS queries is displayed without escaping, enabling a remote attacker to inject HTML/JavaScript and alter the interface content. Connected sources confirm the issue and reference affected versions; some feeds...
CVE-2015-1868
CVE-2015-1868 concerns PowerDNS components (Recursor and Authoritative Server) where the vulnerability arises from the label decompression logic. A request whose domain name refers to itself can trigger excessive CPU usage or crash the server, enabling a remote DoS. Affected: PowerDNS Recursor 3....
CVE-2017-15093
CVE-2017-15093 affects PowerDNS Recursor (4.x up to 4.0.6 and 3.x up to 3.7.4). An authenticated user can modify the Recursor’s ACL by adding/removing netmasks and configure forward zones when api-config-dir is non-empty. The root cause is insufficient validation of the new netmask and IP address...
CVE-2023-22617
The CVE-2023-22617 issue affects PowerDNS Recursor 4.8.0, where a remote attacker could trigger infinite recursion by processing a DNS query for DS records in a misconfigured domain, due to QName minimization in QM fallback mode. The vulnerability is mitigated by upgrading to PowerDNS Recursor 4....
CVE-2018-16855
PowerDNS Recursor (pdns-recursor) before version 4.1.8 is vulnerable to an out-of-bounds memory read when computing the query hash for packet cache lookups during a DNS query, potentially crashing the process. Connected advisories indicate fixed releases (e.g., OpenSUSE/Fedora updates to 4.1.8+ a...
CVE-2018-14644
PowerDNS Recursor (4.0.0–4.1.4) is affected by CVE-2018-14644. A remote attacker sending a DNS query for a meta-type such as OPT can cause a zone to be cached as failing DNSSEC validation when the parent zone is signed and all authoritative servers reply with FORMERR, resulting in ServFail respon...
CVE-2017-15090
The CVE concerns PowerDNS Recursor 4.0.0–4.0.6, where the DNSSEC validation component could incorrectly accept signatures as valid even when the signed data was not within the DNSKEY signer’s bailiwick. This could let a man-in-the-middle attacker modify DNS records by issuing a valid signature fo...
CVE-2015-5470
The CVE-2015-5470 issue affects PowerDNS components: Recursor (before 3.6.4) and 3.7.x before 3.7.3, and Authoritative Server (before 3.3.3 and 3.4.x before 3.4.5). Root cause is the label decompression feature allowing a remote attacker to cause a denial of service by sending a request with a lo...
CVE-2018-1000003
CVE-2018-1000003 affects the DNSSEC validation component of PowerDNS Recursor (version 4.1.0). The root cause is improper input validation in the DNSSEC validators, enabling a network attacker in a man‑in‑the‑middle position to replay packets and cause the existence of some DNS data to be denied ...
CVE-2022-37428
PowerDNS Recursor (versions up to 4.5.9, 4.6.2, and 4.7.1) is affected when protobuf logging is enabled. The issue is an improper cleanup upon a thrown exception which can cause a denial of service (daemon crash) via a crafted DNS query that elicits a specific response property. Public sources in...
CVE-2009-4009
PowerDNS Recursor (3.x) is affected by CVE-2009-4009. The issue is a buffer overflow in the Recursor before version 3.1.7.2 that can be triggered by crafted UDP/TCP packets, leading to a daemon crash and potentially arbitrary code execution. Public sources in the connected documents consistently ...
CVE-2017-15094
PowerDNS Recursor (4.0.0–4.0.6) has a memory leak in the DNSSEC parsing path when processing DNSSEC ECDSA keys with validation enabled (dnssec not off/process-no-validate). Affected component: DNSSEC parsing code in the Recursor. Impact: memory leak; no explicit exploitation details provided in t...
CVE-2008-1637
CVE-2008-1637 affects the PowerDNS Recursor (3.x) prior to 3.1.6, due to insufficient randomness used to compute TRXID values and UDP source ports, enabling potential cache poisoning. The underlying issue involves weaknesses in the random/seeding approach (32-bit seed; time-based seeding; externa...
CVE-2009-4010
PowerDNS Recursor (3.x) is affected by CVE-2009-4010, a remote spoofing vulnerability in which an attacker can craft zones to cause the server to return spoofed DNS data. The issue affects versions prior to 3.1.7.2 (as reported by multiple Nessus/OpenVAS/Gentoo entries referencing CVE-2009-4010 a...
CVE-2014-8601
CVE-2014-8601 affects PowerDNS Recursor before 3.6.2, where it fails to limit delegation chaining, allowing a remote attacker to cause a denial-of-service (performance degradations) via a large or infinite number of referrals (as demonstrated by ezdns.it). The issue is addressed in PowerDNS Recur...
CVE-2008-3217
PowerDNS Recursor before 3.1.6 has weak randomness in TRXID and UDP source port selection, enabling potential remote DNS cache poisoning. Affected: PowerDNS Recursor
CVE-2006-4252
PowerDNS Recursor (3.1.3 and earlier) is affected by CVE-2006-4252: processing a CNAME record with a zero TTL can trigger an infinite loop, causing resource exhaustion and an application crash (denial of service). Affected software is the PowerDNS Recursor; remediation is to upgrade to 3.1.4 or l...
CVE-2006-4251
PowerDNS Recursor 3.1.3 and earlier are affected by CVE-2006-4251 due to a buffer overflow in handling TCP DNS queries, potentially allowing remote code execution. Mitigation observed in connected docs: upgrade to pdns-recursor 3.1.4 or later (e.g., Debian/DSA-1211-1 and SUSE/SUSES-SA:2006:070 de...
CVE-2025-59024
PowerDNS Recursor (CVE-2025-59024; also related CVE-2025-59023) is affected by cache-pollution vulnerabilities due to insufficient validation of delegation information. The issue can poison cached delegations in Recursor, with CVSS ~6.5 (Network, High impact on integrity; Availability low) as per...
CVE-2026-33260
CVE-2026-33260 describes an input-validation flaw in the internal web server that can cause unlimited memory allocation when processing a web request, resulting in denial of service. The issue is documented across multiple feeds (NVD, ENISA EUVD, Debian OSV, CIRCL, etc.), all noting that the inte...
CVE-2025-59030
PowerDNS Recursor is affected by CVE-2025-59030 due to insufficient validation of incoming notifies over TCP, which can lead to a denial of service. Debian notes the fix in pdns-recursor 5.2.7-0+deb13u1 for the stable TRIXIE release and recommends upgrading. Other OpenVAS/NVD references reiterate...
CVE-2025-59023
CVE-2025-59023 affects PowerDNS Recursor. The vulnerability arises from insufficient validation of delegation information, which can poison cached delegations in the Recursor. Affected component is the Recursor’s handling of delegation data; the root cause is validation weaknesses in delegation i...
CVE-2026-33601
The CVE-2026-33601 issue affects the zoneToCache function when fed by a malicious authoritative server. The underlying fault is a missing consistency check that can allow a crafted zone to trigger a null pointer dereference, resulting in a denial of service. Reported CVSSv3.1 metrics indicate net...
CVE-2026-33257
The CVE-2026-33257 issue enables an attacker to send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. In the provided documents, no concrete product/vendor/version, root cause details ...
CVE-2026-33262
CVE-2026-33262 describes insufficient validation of cookie replies, causing a null pointer dereference and denial of service. The issue arises from a missing consistency check when processing replies, with cookies disabled by default. CVSS 3.1 base score 5.9 (Network attack, high complexity, no p...
CVE-2026-33256
CVE-2026-33256 affects PowerDNS Recursor: an attacker can send a network web request that triggers unbounded memory allocation in the internal web server, causing a denial of service. The internal web server is disabled by default, mitigating some exposure. Public sources (NVD, Red Hat, Debian, E...
CVE-2026-24027
PDNS Recursor (PDNS-Recursor) is affected by CVE-2026-24027 (also listed with CVE-2026-0398 in Debian DSA-6134) where crafted zones can cause increased resource usage, potentially leading to a denial of service. The issue is triggered by processing crafted/ malformed zone data and is discussed in...
CVE-2026-33600
CVE-2026-33600 describes a null pointer dereference in RPZ transfer caused by a missing consistency check when processing an RPZ from a malicious authoritative server, leading to denial of service. The documents reference a PowerDNS security advisory; no vendor/product version details are provide...
CVE-2025-59029
PowerDNS Recursor exposes CVE-2025-59029: an attacker can trigger an assertion failure by sending crafted DNS records and then querying with qtype=ANY after records are cached. The issue affects the PowerDNS Recursor family per multiple CNVD/NVD/CVE records; the NVD metrics indicate NETWORK attac...
CVE-2026-0398
PowerDNS Recursor is affected by CVE-2026-0398. The issue involves crafted DNS zones that can cause increased resource usage and crafted CNAME chains that can lead to cache poisoning in the Recursor. The available documents do not specify affected versions, exact root cause in code paths, or offi...
CVE-2026-33258
PowerDNS Recursor is affected by CVE-2026-33258. A flaw allows an attacker to publish and query a crafted zone, causing allocation of large entries in negative and aggressive NSEC3 caches. This can lead to resource usage and potential denial of service; CVSS indicates high impact on availability ...
CVE-2026-33259
CVE-2026-33259 affects PowerDNS Recursor RPZ handling. The issue arises when there are many concurrent transfers of the same RPZ, which can lead to inconsistent RPZ data, use-after-free, or a crash of the recursor. The root cause is described as concurrent transfers of the same RPZ zone occurring...
CVE-2026-33261
CVE-2026-33261 describes a denial of service triggered by a zone transition from NSEC to NSEC3, linked to a null pointer access in the aggressive NSEC(3) cache. The description from CVE records (Vuln NLP) indicates internal inconsistency during the NSEC/NSEC3 transition can lead to DoS. The conne...