CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-10995
https://notcve.org/view.php?id=CVE-2020-10995
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html http://www.nxnsattack.com https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF https://www.debian.org/security/2020/dsa-4691 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10030
https://notcve.org/view.php?id=CVE-2020-10030
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-12244
https://notcve.org/view.php?id=CVE-2020-12244
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. Se detectó un problema en PowerDNS Recursor versiones 4.1.0 hasta 4.3.0, donde los registros en la sección de respuestas de una respuesta NXDOMAIN que carece de SOA no fueron comprobados apropiadamente en las función SyncRes::processAnswer, permitiendo a un atacante omitir la comprobación DNSSEC. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html http://www.openwall.com/lists/oss-security/2020/05/19/3 https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF https://www.debian.org/security/2020/dsa-4691 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10203
https://notcve.org/view.php?id=CVE-2019-10203
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. Daemon autorizado de PowerDNS, pdns versiones 4.0.x anteriores a la versión 4.0.9, 4.1.x anteriores a 4.1.11, que se cierra cuando se encuentra una serie entre 2 ^ 31 y 2 ^ 32-1 al intentar notificar a un esclavo que conduce a DoS. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-10163
https://notcve.org/view.php?id=CVE-2019-10163
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. Se ha detectado una vulnerabilidad en Authoritative Server de PowerDNS anterior a versiones 4.1.9, 4.0.8, que permite a un servidor maestro autorizado y remoto causar una alta carga de CPU o incluso impedir actualizaciones adicionales a cualquier zona esclava mediante el envío de una gran cantidad de mensajes de NOTIFICACIÓN. Note que solo los servidores configurados como esclavos están afectados por este problema. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html • CWE-770: Allocation of Resources Without Limits or Throttling •