11 vulnerabilities found for Recursor by PowerDNS
CVE-2025-59024 (GCVE-0-2025-59024)
Vulnerability from cvelistv5 – Published: 2026-02-09 14:44 – Updated: 2026-02-09 16:14
Title
Crafted delegations or IP fragments can poison cached delegations in Recursor
Summary
Crafted delegations or IP fragments can poison cached delegations in Recursor.
Severity ?
6.5 (Medium)
CWE
- Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
Credits
Yuxiao Wu from Tsinghua University
Yunyi Zhang from Tsinghua University
Baojun Liu from Tsinghua University
Haixin Duan from Tsinghua University
Shiming Liu from Network and Information Security Lab, Tsinghua University
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T16:11:42.451186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T16:14:14.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Synchronous Resolver"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"syncres.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "5.3.1",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThan": "5.2.6",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThan": "5.1.8",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yuxiao Wu from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "Yunyi Zhang from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "Baojun Liu from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "Haixin Duan from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "Shiming Liu from Network and Information Security Lab, Tsinghua University"
}
],
"datePublic": "2025-10-15T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCrafted delegations or IP fragments can poison cached delegations in Recursor.\u003c/p\u003e"
}
],
"value": "Crafted delegations or IP fragments can poison cached delegations in Recursor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T14:44:28.523Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-06",
"discovery": "EXTERNAL"
},
"title": "Crafted delegations or IP fragments can poison cached delegations in Recursor",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-59024",
"datePublished": "2026-02-09T14:44:28.523Z",
"dateReserved": "2025-09-08T14:22:28.104Z",
"dateUpdated": "2026-02-09T16:14:14.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59023 (GCVE-0-2025-59023)
Vulnerability from cvelistv5 – Published: 2026-02-09 14:44 – Updated: 2026-02-09 16:17
Title
Crafted delegations or IP fragments can poison cached delegations in Recursor
Summary
Crafted delegations or IP fragments can poison cached delegations in Recursor.
Severity ?
8.2 (High)
CWE
- Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
Credits
Yuxiao Wu from Tsinghua University
Yunyi Zhang from Tsinghua University
Baojun Liu from Tsinghua University
Haixin Duan from Tsinghua University
Shiming Liu from Network and Information Security Lab, Tsinghua University
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T16:17:14.896463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T16:17:46.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Synchronous Resolver"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"syncres.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "5.3.1",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThan": "5.2.6",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThan": "5.1.8",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yuxiao Wu from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "Yunyi Zhang from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "Baojun Liu from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "Haixin Duan from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "Shiming Liu from Network and Information Security Lab, Tsinghua University"
}
],
"datePublic": "2025-10-15T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCrafted delegations or IP fragments can poison cached delegations in Recursor.\u003c/p\u003e"
}
],
"value": "Crafted delegations or IP fragments can poison cached delegations in Recursor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T14:44:19.331Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-06",
"discovery": "EXTERNAL"
},
"title": "Crafted delegations or IP fragments can poison cached delegations in Recursor",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-59023",
"datePublished": "2026-02-09T14:44:19.331Z",
"dateReserved": "2025-09-08T14:22:28.104Z",
"dateUpdated": "2026-02-09T16:17:46.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24027 (GCVE-0-2026-24027)
Vulnerability from cvelistv5 – Published: 2026-02-09 14:25 – Updated: 2026-02-09 16:19
Title
Crafted zones can lead to increased incoming network traffic
Summary
Crafted zones can lead to increased incoming network traffic.
Severity ?
5.3 (Medium)
CWE
- Insufficient Control of Network Message Volume (Network Amplification)
Assigner
References
Impacted products
Credits
Shuhan Zhang from Tsinghua University
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T16:19:10.019094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T16:19:23.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Synchronous Resolver"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"syncres.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "5.3.5",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThan": "5.2.8",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThan": "5.1.10",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Shuhan Zhang from Tsinghua University"
}
],
"datePublic": "2026-02-09T13:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCrafted zones can lead to increased incoming network traffic.\u003c/p\u003e"
}
],
"value": "Crafted zones can lead to increased incoming network traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Control of Network Message Volume (Network Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T14:25:24.209Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2026-01",
"discovery": "EXTERNAL"
},
"title": "Crafted zones can lead to increased incoming network traffic",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-24027",
"datePublished": "2026-02-09T14:25:24.209Z",
"dateReserved": "2026-01-20T14:56:25.872Z",
"dateUpdated": "2026-02-09T16:19:23.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0398 (GCVE-0-2026-0398)
Vulnerability from cvelistv5 – Published: 2026-02-09 14:20 – Updated: 2026-02-09 15:37
Title
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor
Summary
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.
Severity ?
5.3 (Medium)
CWE
- Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
Credits
Yufan You from Tsinghua University
TaoFei Guo from Peking University
Yang Luo from Tsinghua University
JianJun Chen from Tsinghua University
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:36:48.242785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:37:04.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Synchronous Resolver"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"syncres.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "5.3.5",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThan": "5.2.8",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThan": "5.1.10",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yufan You from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "TaoFei Guo from Peking University"
},
{
"lang": "en",
"type": "finder",
"value": "Yang Luo from Tsinghua University"
},
{
"lang": "en",
"type": "finder",
"value": "JianJun Chen from Tsinghua University"
}
],
"datePublic": "2026-02-09T13:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCrafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.\u003c/p\u003e"
}
],
"value": "Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T14:20:46.592Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2026-01",
"discovery": "EXTERNAL"
},
"title": "Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-0398",
"datePublished": "2026-02-09T14:20:46.592Z",
"dateReserved": "2025-11-28T09:18:07.874Z",
"dateUpdated": "2026-02-09T15:37:04.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59029 (GCVE-0-2025-59029)
Vulnerability from cvelistv5 – Published: 2025-12-09 09:16 – Updated: 2025-12-09 14:29
Title
Internal logic flaw in cache management can lead to a denial of service in PowerDNS Recursor
Summary
An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, and then sending a query with qtype set to ANY.
Severity ?
5.3 (Medium)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:29:51.430262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:29:55.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"Record cache"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"recursor_cache.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "5.3.2",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-12-08T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY.\u003c/p\u003e"
}
],
"value": "An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T09:16:03.148Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-07.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-07",
"discovery": "EXTERNAL"
},
"title": "Internal logic flaw in cache management can lead to a denial of service in PowerDNS Recursor",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-59029",
"datePublished": "2025-12-09T09:16:03.148Z",
"dateReserved": "2025-09-08T14:22:28.105Z",
"dateUpdated": "2025-12-09T14:29:55.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59030 (GCVE-0-2025-59030)
Vulnerability from cvelistv5 – Published: 2025-12-09 09:15 – Updated: 2025-12-09 14:30
Title
Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor
Summary
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.
Severity ?
7.5 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:30:11.421682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:30:16.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"TCP NOTIFY messages handler"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"rec-tcp.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "5.3.3",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThan": "5.2.7",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThan": "5.1.9",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-12-08T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.\u003c/p\u003e"
}
],
"value": "An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T09:15:43.645Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-08",
"discovery": "EXTERNAL"
},
"title": "Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-59030",
"datePublished": "2025-12-09T09:15:43.645Z",
"dateReserved": "2025-09-08T14:22:28.105Z",
"dateUpdated": "2025-12-09T14:30:16.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30192 (GCVE-0-2025-30192)
Vulnerability from cvelistv5 – Published: 2025-07-21 12:49 – Updated: 2025-07-21 13:05
Title
A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts
Summary
An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a higher chance of success than with non-ECS enabled queries.
The updated version includes various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers.
The strictest mitigation is applied when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.
Severity ?
7.5 (High)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
Credits
Xiang Li of AOSP Lab Nankai University
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T13:05:23.317665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T13:05:35.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "affected",
"modules": [
"resolver"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"lwres.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"status": "unaffected",
"version": "5.0.12",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.1.6",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.2.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Xiang Li of AOSP Lab Nankai University"
}
],
"datePublic": "2025-05-21T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries.\u003c/p\u003e\u003cp\u003eThe updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers.\u003c/p\u003e\u003cp\u003eThe most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.\u003c/p\u003e"
}
],
"value": "An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries.\n\nThe updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers.\n\nThe most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:49:31.532Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-04.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-04",
"discovery": "EXTERNAL"
},
"title": "A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-30192",
"datePublished": "2025-07-21T12:49:31.532Z",
"dateReserved": "2025-03-18T08:39:46.884Z",
"dateUpdated": "2025-07-21T13:05:35.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30195 (GCVE-0-2025-30195)
Vulnerability from cvelistv5 – Published: 2025-04-07 13:24 – Updated: 2025-04-07 16:03
Title
A crafted zone can lead to an illegal memory access in the PowerDNS Recursor
Summary
An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to illegal memory accesses and a crash of the Recursor, causing a denial of service.
The remedy is: upgrade to the patched 5.2.1 version.
We would like to thank Volodymyr Ilyin for bringing this issue to our attention.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Credits
Volodymyr Ilyin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T14:07:50.203790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T14:09:22.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-07T16:03:15.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/07/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"resolver"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"syncres.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "5.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Volodymyr Ilyin"
}
],
"datePublic": "2025-04-07T12:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service.\u003c/p\u003e\u003cp\u003eThe remedy is: upgrade to the patched 5.2.1 version.\u003c/p\u003e\u003cp\u003eWe would like to thank Volodymyr Ilyin for bringing this issue to our attention.\u003c/p\u003e"
}
],
"value": "An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service.\n\nThe remedy is: upgrade to the patched 5.2.1 version.\n\nWe would like to thank Volodymyr Ilyin for bringing this issue to our attention."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T13:24:17.879Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2025-01",
"discovery": "EXTERNAL"
},
"title": "A crafted zone can lead to an illegal memory access in the PowerDNS Recursor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2025-30195",
"datePublished": "2025-04-07T13:24:17.879Z",
"dateReserved": "2025-03-18T08:39:46.884Z",
"dateUpdated": "2025-04-07T16:03:15.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25590 (GCVE-0-2024-25590)
Vulnerability from cvelistv5 – Published: 2024-10-03 15:29 – Updated: 2024-10-03 18:03
Title
Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor
Summary
An attacker can publish a zone containing specific Resource Record Sets.
Repeatedly processing and caching results for these sets can lead to a
denial of service.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Credits
Toshifumi Sakaguchi
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T17:34:21.950059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T17:34:32.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-03T18:03:26.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"resolver"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"programFiles": [
"recursor_cache.cc"
],
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"lessThan": "4.9.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.0.9",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThan": "5.1.2",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Toshifumi Sakaguchi"
}
],
"datePublic": "2024-10-03T10:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker can publish a zone containing specific Resource Record Sets.\u003c/p\u003e\u003cp\u003e Repeatedly processing and caching results for these sets can lead to a \u003c/p\u003e\u003cp\u003edenial of service.\u003c/p\u003e"
}
],
"value": "An attacker can publish a zone containing specific Resource Record Sets.\n\n Repeatedly processing and caching results for these sets can lead to a \n\ndenial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T15:29:08.765Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html"
}
],
"source": {
"advisory": "PowerDNS Security Advisory 2024-04",
"discovery": "EXTERNAL"
},
"title": "Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2024-25590",
"datePublished": "2024-10-03T15:29:08.765Z",
"dateReserved": "2024-02-08T08:15:37.205Z",
"dateUpdated": "2024-10-03T18:03:26.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25583 (GCVE-0-2024-25583)
Vulnerability from cvelistv5 – Published: 2024-04-25 09:45 – Updated: 2025-02-13 17:40
Title
Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured
Summary
A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "powerdns",
"vendor": "powerdns",
"versions": [
{
"status": "affected",
"version": "4.8.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "powerdns",
"vendor": "powerdns",
"versions": [
{
"status": "affected",
"version": "4.9.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "powerdns",
"vendor": "powerdns",
"versions": [
{
"status": "affected",
"version": "5.0.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T19:14:51.254409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:23.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/24/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.powerdns.com/",
"defaultStatus": "unaffected",
"modules": [
"resolver"
],
"packageName": "pdns-recursor",
"product": "Recursor",
"repo": "https://github.com/PowerDNS/pdns",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "4.8.7"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "5.0.3"
}
]
}
],
"datePublic": "2024-04-24T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.\u003c/p\u003e"
}
],
"value": "A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected."
}
],
"impacts": [
{
"capecId": "CAPEC-25",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-25 Forced Deadlock"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T17:09:19.889Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/24/1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured"
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2024-25583",
"datePublished": "2024-04-25T09:45:05.220Z",
"dateReserved": "2024-02-08T08:15:37.204Z",
"dateUpdated": "2025-02-13T17:40:49.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26437 (GCVE-0-2023-26437)
Vulnerability from cvelistv5 – Published: 2023-04-04 14:37 – Updated: 2025-02-13 16:44
Title
Deterred spoofing attempts can lead to authoritative servers being marked unavailable
Summary
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable. This issue affects Recursor: through 4.6.5, through 4.7.4, through 4.8.3.
Severity ?
3.4 (Low)
CWE
- Denial of service
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T16:31:03.424425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:31:07.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Recursor",
"vendor": "PowerDNS",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "0",
"versionType": "range"
},
{
"lessThanOrEqual": "4.7.4",
"status": "affected",
"version": "0",
"versionType": "range"
},
{
"lessThanOrEqual": "4.8.3",
"status": "affected",
"version": "0",
"versionType": "range"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.\u003cp\u003eThis issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.\u003c/p\u003e"
}
],
"value": "Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "authoritative servers to be marked unavailable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-15T03:07:02.436Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to PowerDNS Recursor 4.6.6, 4.7.5 or 4.8.4. \u003cbr\u003e"
}
],
"value": "Upgrade to PowerDNS Recursor 4.6.6, 4.7.5 or 4.8.4."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Deterred spoofing attempts can lead to authoritative servers being marked unavailable",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2023-26437",
"datePublished": "2023-04-04T14:37:29.388Z",
"dateReserved": "2023-02-22T20:42:56.090Z",
"dateUpdated": "2025-02-13T16:44:54.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}