Lucene search
K
PowerdnsRecursor

50 matches found

CVE
CVE
added 2024/02/14 12:0 a.m.11336 views

CVE-2023-50868

CVE-2023-50868 is a DNSSEC-related denial of service issue (NSEC3 Closest Encloser proof) that can cause CPU exhaustion. The connected documents confirm impact on DNS implementations such as Unbound and BIND/BIND9 and describe the root cause as processors performing thousands of hash iterations f...

7.5CVSS7.6AI score0.81729EPSS
CVE
CVE
added 2024/02/14 12:0 a.m.3274 views

CVE-2023-50387

CVE-2023-50387 (KeyTrap) affects DNSSEC processing in DNS resolvers. Multiple advisories note excessive CPU/DoS risk when validating DNSKEY/RRSIG in zones with many records. Affected products include Bind (bind9) and Unbound across Linux distributions (e.g., AL2, AlmaLinux) with patches/released ...

7.5CVSS7.7AI score0.99995EPSS
CVE
CVE
added 2022/03/25 2:41 p.m.344 views

CVE-2022-27227

CVE-2022-27227 affects PowerDNS, with the IXFR end-condition validation bug in both Authoritative Server (before 4.4.3, 4.5.x before 4.5.4, 4.6.x before 4.6.1) and Recursor (before 4.4.8, 4.5.x before 4.5.8, 4.6.x before 4.6.1). The issue allows an incomplete zone transfer to be misinterpreted as...

7.5CVSS7.3AI score0.04908EPSS
CVE
CVE
added 2020/05/19 4:4 p.m.303 views

CVE-2020-10995

PowerDNS Recursor (PowerDNS Recursor 4.1.0–4.3.0) is affected by CVE-2020-10995. A DNS-protocol issue allows an attacker to use recursive resolvers to amplify traffic toward third-party authoritative name servers, potentially degrading service. Mitigations exist in PowerDNS Recursor 4.1.16, 4.2.2...

7.5CVSS7.3AI score0.04372EPSS
CVE
CVE
added 2020/05/19 3:52 p.m.290 views

CVE-2020-10030

PowerDNS Recursor (versions 4.1.0–4.3.0) is affected by CVE-2020-10030. A stack-based out-of-bounds read occurs when an attacker with privileges to change the hostname triggers disclosure of uninitialized memory due to gethostname() not null-terminating the returned string for hostnames larger th...

8.8CVSS9AI score0.23889EPSS
CVE
CVE
added 2020/10/16 5:7 a.m.262 views

CVE-2020-25829

PowerDNS Recursor (cve-2020-25829) affects versions prior to 4.1.18, 4.2.x prior to 4.2.5, and 4.3.x prior to 4.3.5. A remote attacker can make cached records for a name transition to the Bogus DNSSEC validation state via a DNS ANY query, causing denial of service for installations that always va...

7.5CVSS7.1AI score0.06465EPSS
CVE
CVE
added 2018/09/11 1:0 p.m.243 views

CVE-2016-7068

PowerDNS (Authoritative Server and Recursor) pre-fix versions are affected by CVE-2016-7068, allowing remote, unauthenticated attackers to cause abnormal CPU usage by sending crafted DNS queries that trigger parsing of all records in a query, potentially leading to a partial DoS. Affected ranges ...

7.8CVSS7AI score0.07294EPSS
CVE
CVE
added 2020/07/01 5:3 p.m.227 views

CVE-2020-14196

PowerDNS Recursor (pdns-recursor) is affected by CVE-2020-14196, where the ACL restricting access to the internal web server is not properly enforced in versions up to 4.3.1, 4.2.2 and 4.1.16. Several connected advisories confirm this issue and note that mitigations involve upgrading to a fixed p...

5.3CVSS5.4AI score0.01688EPSS
CVE
CVE
added 2020/05/19 1:51 p.m.219 views

CVE-2020-12244

PowerDNS Recursor 4.1.0–4.3.0 contains an NXDOMAIN validation issue in SyncRes::processAnswer, where records in the NXDOMAIN response without an SOA are not properly validated, allowing a bypass of DNSSEC validation. Affects multiple distributions; fixes exist upstream in 4.2.x/4.3.x series and d...

7.5CVSS7.4AI score0.02434EPSS
CVE
CVE
added 2018/11/29 6:0 p.m.194 views

CVE-2018-10851

PowerDNS Authoritative Server (versions 3.3.0–4.1.4, excluding 4.1.5 and 4.0.6) and PowerDNS Recursor (3.2–4.1.4, excluding 4.1.5 and 4.0.9) are affected by CVE-2018-10851 due to a memory leak when parsing malformed records, which can lead to remote denial of service. Multiple connected advisorie...

7.5CVSS7.3AI score0.06041EPSS
CVE
CVE
added 2019/01/29 5:0 p.m.175 views

CVE-2019-3807

PowerDNS Recursor (4.1.x before 4.1.9) has a DNSSEC validation bypass in responses where AA=0; records in the answer section from authoritative servers were not properly validated. Public reports reference PowerDNS Recursor 4.1.9+ fixes, with Fedora/OpenSUSE advisories noting fixes in 2019 (and l...

9.8CVSS8.7AI score0.0036EPSS
CVE
CVE
added 2019/01/29 5:0 p.m.169 views

CVE-2019-3806

PowerDNS Recursor (pdns-recursor) version range affected: after 4.1.3 up to before 4.1.9. The issue stems from Lua hooks not being properly applied to TCP queries in certain settings, potentially bypassing security policies enforced via Lua. Exploitation details are not provided in the supplied d...

8.1CVSS7.8AI score0.0146EPSS
CVE
CVE
added 2018/07/27 3:0 p.m.136 views

CVE-2017-15120

CVE-2017-15120 affects PowerDNS Recursor prior to 4.0.8. The issue is a NULL pointer dereference caused while parsing authoritative answers, specifically when the response contains a CNAME of a different class than IN. An unauthenticated remote attacker can trigger a denial of service on vulnerab...

7.5CVSS7.3AI score0.5179EPSS
CVE
CVE
added 2023/04/04 2:37 p.m.129 views

CVE-2023-26437

CVE-2023-26437 affects the PowerDNS Recursor. A Denial of Service vulnerability allows authoritative servers to be marked unavailable in Recursor versions up to 4.6.5, 4.7.4, and 4.8.3. Public details in connected advisories show remediation via updated Recursor release (e.g., 4.8.6) in SUSE/open...

5.3CVSS4.7AI score0.00593EPSS
CVE
CVE
added 2018/09/11 1:0 p.m.125 views

CVE-2016-7074

CVE-2016-7074 affects PowerDNS (authoritative server and recursor): insufficient TSIG validation allows MITM to alter AXFR content due to missing check that the TSIG record is last, enabling parsing of records outside the TSIG scope. Affected: PowerDNS versions before 3.4.11/4.0.2 and recursor be...

5.9CVSS6.2AI score0.01222EPSS
CVE
CVE
added 2018/09/11 1:0 p.m.124 views

CVE-2016-7073

PowerDNS (authoritative server and recursor) prior to versions 3.4.11/4.0.2 and 4.0.4 respectively had a vulnerability CVE-2016-7073 where TSIG signatures were insufficiently validated during AXFR, due to a missing check of TSIG time and fudge values in AXFRRetriever. This allowed an attacker in ...

5.9CVSS6.1AI score0.01233EPSS
CVE
CVE
added 2018/11/29 6:0 p.m.124 views

CVE-2018-14626

CVE-2018-14626 affects PowerDNS: Authoritative Server 4.1.0–4.1.4 and Recursor 4.0.0–4.1.4 are vulnerable to packet cache pollution via crafted query, causing denial of service. Exploitation status not detailed in the provided docs. Remediation is to apply the vendor advisories/updates (e.g., Ubu...

7.5CVSS7.2AI score0.02721EPSS
CVE
CVE
added 2018/01/23 3:0 p.m.121 views

CVE-2017-15092

CVE-2017-15092 affects PowerDNS Recursor web interface (4.0.0–4.0.6): the qname field in DNS queries is displayed without escaping, enabling a remote attacker to inject HTML/JavaScript and alter the interface content. Connected sources confirm the issue and reference affected versions; some feeds...

6.1CVSS5.7AI score0.02275EPSS
CVE
CVE
added 2015/05/18 3:0 p.m.120 views

CVE-2015-1868

CVE-2015-1868 concerns PowerDNS components (Recursor and Authoritative Server) where the vulnerability arises from the label decompression logic. A request whose domain name refers to itself can trigger excessive CPU usage or crash the server, enabling a remote DoS. Affected: PowerDNS Recursor 3....

7.8CVSS6.3AI score0.81834EPSS
CVE
CVE
added 2018/01/23 3:0 p.m.109 views

CVE-2017-15093

CVE-2017-15093 affects PowerDNS Recursor (4.x up to 4.0.6 and 3.x up to 3.7.4). An authenticated user can modify the Recursor’s ACL by adding/removing netmasks and configure forward zones when api-config-dir is non-empty. The root cause is insufficient validation of the new netmask and IP address...

5.3CVSS5.6AI score0.00828EPSS
CVE
CVE
added 2023/01/21 12:0 a.m.108 views

CVE-2023-22617

The CVE-2023-22617 issue affects PowerDNS Recursor 4.8.0, where a remote attacker could trigger infinite recursion by processing a DNS query for DS records in a misconfigured domain, due to QName minimization in QM fallback mode. The vulnerability is mitigated by upgrading to PowerDNS Recursor 4....

7.5CVSS7.1AI score0.07323EPSS
CVE
CVE
added 2018/12/03 2:0 p.m.107 views

CVE-2018-16855

PowerDNS Recursor (pdns-recursor) before version 4.1.8 is vulnerable to an out-of-bounds memory read when computing the query hash for packet cache lookups during a DNS query, potentially crashing the process. Connected advisories indicate fixed releases (e.g., OpenSUSE/Fedora updates to 4.1.8+ a...

7.5CVSS7.3AI score0.59469EPSS
CVE
CVE
added 2018/11/09 7:0 p.m.102 views

CVE-2018-14644

PowerDNS Recursor (4.0.0–4.1.4) is affected by CVE-2018-14644. A remote attacker sending a DNS query for a meta-type such as OPT can cause a zone to be cached as failing DNSSEC validation when the parent zone is signed and all authoritative servers reply with FORMERR, resulting in ServFail respon...

5.9CVSS6.3AI score0.04839EPSS
CVE
CVE
added 2015/11/02 7:0 p.m.97 views

CVE-2015-5470

The CVE-2015-5470 issue affects PowerDNS components: Recursor (before 3.6.4) and 3.7.x before 3.7.3, and Authoritative Server (before 3.3.3 and 3.4.x before 3.4.5). Root cause is the label decompression feature allowing a remote attacker to cause a denial of service by sending a request with a lo...

7.8CVSS6.4AI score0.11284EPSS
CVE
CVE
added 2018/01/23 3:0 p.m.97 views

CVE-2017-15090

The CVE concerns PowerDNS Recursor 4.0.0–4.0.6, where the DNSSEC validation component could incorrectly accept signatures as valid even when the signed data was not within the DNSKEY signer’s bailiwick. This could let a man-in-the-middle attacker modify DNS records by issuing a valid signature fo...

5.9CVSS5.9AI score0.00611EPSS
CVE
CVE
added 2018/01/22 6:0 p.m.96 views

CVE-2018-1000003

CVE-2018-1000003 affects the DNSSEC validation component of PowerDNS Recursor (version 4.1.0). The root cause is improper input validation in the DNSSEC validators, enabling a network attacker in a man‑in‑the‑middle position to replay packets and cause the existence of some DNS data to be denied ...

4.3CVSS4.3AI score0.01287EPSS
CVE
CVE
added 2022/08/23 4:33 p.m.94 views

CVE-2022-37428

PowerDNS Recursor (versions up to 4.5.9, 4.6.2, and 4.7.1) is affected when protobuf logging is enabled. The issue is an improper cleanup upon a thrown exception which can cause a denial of service (daemon crash) via a crafted DNS query that elicits a specific response property. Public sources in...

6.5CVSS6.2AI score0.0119EPSS
CVE
CVE
added 2010/01/08 5:0 p.m.88 views

CVE-2009-4009

PowerDNS Recursor (3.x) is affected by CVE-2009-4009. The issue is a buffer overflow in the Recursor before version 3.1.7.2 that can be triggered by crafted UDP/TCP packets, leading to a daemon crash and potentially arbitrary code execution. Public sources in the connected documents consistently ...

10CVSS8AI score0.17572EPSS
CVE
CVE
added 2018/01/23 3:0 p.m.88 views

CVE-2017-15094

PowerDNS Recursor (4.0.0–4.0.6) has a memory leak in the DNSSEC parsing path when processing DNSSEC ECDSA keys with validation enabled (dnssec not off/process-no-validate). Affected component: DNSSEC parsing code in the Recursor. Impact: memory leak; no explicit exploitation details provided in t...

5.9CVSS6AI score0.03302EPSS
CVE
CVE
added 2008/04/02 5:0 p.m.77 views

CVE-2008-1637

CVE-2008-1637 affects the PowerDNS Recursor (3.x) prior to 3.1.6, due to insufficient randomness used to compute TRXID values and UDP source ports, enabling potential cache poisoning. The underlying issue involves weaknesses in the random/seeding approach (32-bit seed; time-based seeding; externa...

6.8CVSS6.2AI score0.03964EPSS
CVE
CVE
added 2010/01/08 5:0 p.m.77 views

CVE-2009-4010

PowerDNS Recursor (3.x) is affected by CVE-2009-4010, a remote spoofing vulnerability in which an attacker can craft zones to cause the server to return spoofed DNS data. The issue affects versions prior to 3.1.7.2 (as reported by multiple Nessus/OpenVAS/Gentoo entries referencing CVE-2009-4010 a...

7.5CVSS6.3AI score0.10263EPSS
CVE
CVE
added 2014/12/10 3:0 p.m.75 views

CVE-2014-8601

CVE-2014-8601 affects PowerDNS Recursor before 3.6.2, where it fails to limit delegation chaining, allowing a remote attacker to cause a denial-of-service (performance degradations) via a large or infinite number of referrals (as demonstrated by ezdns.it). The issue is addressed in PowerDNS Recur...

5CVSS6.4AI score0.73532EPSS
CVE
CVE
added 2008/07/18 4:0 p.m.72 views

CVE-2008-3217

PowerDNS Recursor before 3.1.6 has weak randomness in TRXID and UDP source port selection, enabling potential remote DNS cache poisoning. Affected: PowerDNS Recursor

6.8CVSS6.4AI score0.0181EPSS
CVE
CVE
added 2006/11/14 8:0 p.m.61 views

CVE-2006-4252

PowerDNS Recursor (3.1.3 and earlier) is affected by CVE-2006-4252: processing a CNAME record with a zero TTL can trigger an infinite loop, causing resource exhaustion and an application crash (denial of service). Affected software is the PowerDNS Recursor; remediation is to upgrade to 3.1.4 or l...

5CVSS6.4AI score0.05906EPSS
CVE
CVE
added 2006/11/14 7:0 p.m.60 views

CVE-2006-4251

PowerDNS Recursor 3.1.3 and earlier are affected by CVE-2006-4251 due to a buffer overflow in handling TCP DNS queries, potentially allowing remote code execution. Mitigation observed in connected docs: upgrade to pdns-recursor 3.1.4 or later (e.g., Debian/DSA-1211-1 and SUSE/SUSES-SA:2006:070 de...

7.5CVSS7.6AI score0.08437EPSS
CVE
CVE
added 2026/02/09 2:44 p.m.36 views

CVE-2025-59024

PowerDNS Recursor (CVE-2025-59024; also related CVE-2025-59023) is affected by cache-pollution vulnerabilities due to insufficient validation of delegation information. The issue can poison cached delegations in Recursor, with CVSS ~6.5 (Network, High impact on integrity; Availability low) as per...

6.5CVSS5.4AI score0.00122EPSS
CVE
CVE
added 2026/04/22 9:39 a.m.32 views

CVE-2026-33260

CVE-2026-33260 describes an input-validation flaw in the internal web server that can cause unlimited memory allocation when processing a web request, resulting in denial of service. The issue is documented across multiple feeds (NVD, ENISA EUVD, Debian OSV, CIRCL, etc.), all noting that the inte...

7.5CVSS5.8AI score0.00524EPSS
CVE
CVE
added 2025/12/09 9:15 a.m.31 views

CVE-2025-59030

PowerDNS Recursor is affected by CVE-2025-59030 due to insufficient validation of incoming notifies over TCP, which can lead to a denial of service. Debian notes the fix in pdns-recursor 5.2.7-0+deb13u1 for the stable TRIXIE release and recommends upgrading. Other OpenVAS/NVD references reiterate...

7.5CVSS6.3AI score0.00504EPSS
CVE
CVE
added 2026/02/09 2:44 p.m.30 views

CVE-2025-59023

CVE-2025-59023 affects PowerDNS Recursor. The vulnerability arises from insufficient validation of delegation information, which can poison cached delegations in the Recursor. Affected component is the Recursor’s handling of delegation data; the root cause is validation weaknesses in delegation i...

8.2CVSS5.4AI score0.00266EPSS
CVE
CVE
added 2026/04/22 9:37 a.m.28 views

CVE-2026-33601

The CVE-2026-33601 issue affects the zoneToCache function when fed by a malicious authoritative server. The underlying fault is a missing consistency check that can allow a crafted zone to trigger a null pointer dereference, resulting in a denial of service. Reported CVSSv3.1 metrics indicate net...

4.9CVSS5.8AI score0.00512EPSS
CVE
CVE
added 2026/04/22 9:37 a.m.24 views

CVE-2026-33257

The CVE-2026-33257 issue enables an attacker to send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. In the provided documents, no concrete product/vendor/version, root cause details ...

7.5CVSS5.8AI score0.00514EPSS
CVE
CVE
added 2026/04/22 9:40 a.m.22 views

CVE-2026-33262

CVE-2026-33262 describes insufficient validation of cookie replies, causing a null pointer dereference and denial of service. The issue arises from a missing consistency check when processing replies, with cookies disabled by default. CVSS 3.1 base score 5.9 (Network attack, high complexity, no p...

5.9CVSS5.8AI score0.00418EPSS
CVE
CVE
added 2026/04/22 9:37 a.m.18 views

CVE-2026-33256

CVE-2026-33256 affects PowerDNS Recursor: an attacker can send a network web request that triggers unbounded memory allocation in the internal web server, causing a denial of service. The internal web server is disabled by default, mitigating some exposure. Public sources (NVD, Red Hat, Debian, E...

7.5CVSS5.8AI score0.00606EPSS
CVE
CVE
added 2026/02/09 2:25 p.m.17 views

CVE-2026-24027

PDNS Recursor (PDNS-Recursor) is affected by CVE-2026-24027 (also listed with CVE-2026-0398 in Debian DSA-6134) where crafted zones can cause increased resource usage, potentially leading to a denial of service. The issue is triggered by processing crafted/ malformed zone data and is discussed in...

5.3CVSS5.4AI score0.00396EPSS
CVE
CVE
added 2026/04/22 9:33 a.m.17 views

CVE-2026-33600

CVE-2026-33600 describes a null pointer dereference in RPZ transfer caused by a missing consistency check when processing an RPZ from a malicious authoritative server, leading to denial of service. The documents reference a PowerDNS security advisory; no vendor/product version details are provide...

4.9CVSS5.8AI score0.00523EPSS
CVE
CVE
added 2025/12/09 9:16 a.m.16 views

CVE-2025-59029

PowerDNS Recursor exposes CVE-2025-59029: an attacker can trigger an assertion failure by sending crafted DNS records and then querying with qtype=ANY after records are cached. The issue affects the PowerDNS Recursor family per multiple CNVD/NVD/CVE records; the NVD metrics indicate NETWORK attac...

5.3CVSS6.2AI score0.00336EPSS
CVE
CVE
added 2026/02/09 2:20 p.m.15 views

CVE-2026-0398

PowerDNS Recursor is affected by CVE-2026-0398. The issue involves crafted DNS zones that can cause increased resource usage and crafted CNAME chains that can lead to cache poisoning in the Recursor. The available documents do not specify affected versions, exact root cause in code paths, or offi...

5.3CVSS5.5AI score0.00407EPSS
CVE
CVE
added 2026/04/22 9:38 a.m.14 views

CVE-2026-33258

PowerDNS Recursor is affected by CVE-2026-33258. A flaw allows an attacker to publish and query a crafted zone, causing allocation of large entries in negative and aggressive NSEC3 caches. This can lead to resource usage and potential denial of service; CVSS indicates high impact on availability ...

7.5CVSS5.8AI score0.00583EPSS
CVE
CVE
added 2026/04/22 9:38 a.m.13 views

CVE-2026-33259

CVE-2026-33259 affects PowerDNS Recursor RPZ handling. The issue arises when there are many concurrent transfers of the same RPZ, which can lead to inconsistent RPZ data, use-after-free, or a crash of the recursor. The root cause is described as concurrent transfers of the same RPZ zone occurring...

5CVSS5.8AI score0.00225EPSS
CVE
CVE
added 2026/04/22 9:40 a.m.12 views

CVE-2026-33261

CVE-2026-33261 describes a denial of service triggered by a zone transition from NSEC to NSEC3, linked to a null pointer access in the aggressive NSEC(3) cache. The description from CVE records (Vuln NLP) indicates internal inconsistency during the NSEC/NSEC3 transition can lead to DoS. The conne...

5.9CVSS5.8AI score0.00228EPSS