CVSS: 7.8EPSS: 5%CPEs: 3EXPL: 0CVE-2024-25590 – Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor
https://notcve.org/view.php?id=CVE-2024-25590
03 Oct 2024 — An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. Toshifumi Sakaguchi discovered that too permissive parsing of some resource record sets in the zone file parsing of PDNS Recursor could result in denial of service. • https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-25583 – Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured
https://notcve.org/view.php?id=CVE-2024-25583
25 Apr 2024 — A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. Una respuesta manipulada desde un servidor ascendente al que se ha configurado el recursor para reenviar puede causar una denegación de servicio en el recursor. La configuración predeterminada del Recursor no utiliza el reenvío recursivo y no se ve afectada. It was disc... • http://www.openwall.com/lists/oss-security/2024/04/24/1 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 29%CPEs: 21EXPL: 3CVE-2023-50387 – bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
https://notcve.org/view.php?id=CVE-2023-50387
13 Feb 2024 — Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. Ciertos aspectos DNSSEC del protocolo DNS (en RFC 4035 y RFC relacionados) permiten a ataca... • https://github.com/knqyf263/CVE-2023-50387 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26437 – Deterred spoofing attempts can lead to authoritative servers being marked unavailable
https://notcve.org/view.php?id=CVE-2023-26437
04 Apr 2023 — Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3. • https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22617
https://notcve.org/view.php?id=CVE-2023-22617
21 Jan 2023 — A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1. Un atacante remoto podría provocar una recursividad infinita en PowerDNS Recursor 4.8.0 a través de una consulta DNS que recupera registros DS para un dominio mal configurado, porque la minimización de QName se utiliza en el modo de reserva de QM. Esto se solucionó en 4.8.1. • http://www.openwall.com/lists/oss-security/2023/01/20/1 • CWE-674: Uncontrolled Recursion •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-37428
https://notcve.org/view.php?id=CVE-2022-37428
23 Aug 2022 — PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. PowerDNS Recursor versiones hasta 4.5.9, 4.6.2 y 4.7.1 incluyéndola, cuando el registro de protobufs está habilitado, presenta una limpieza inapropiada tras una excepción lanzada, conllevando a una denegación de servicio (bloqueo del demonio) por medio de un... • https://docs.powerdns.com/recursor/lua-config/protobuf.html • CWE-459: Incomplete Cleanup •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-27227 – Ubuntu Security Notice USN-7203-1
https://notcve.org/view.php?id=CVE-2022-27227
25 Mar 2022 — In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. En PowerDNS Authoritative Server versiones anteriores a 4.4.3, versiones 4.5.x anteriores a 4.5.4 y versiones4.6.x anteriores a 4.6.1 y PowerDNS Recursor versiones anteriores a 4.4.8, versiones 4.5.x anteriores a 4.5.8 y ... • http://www.openwall.com/lists/oss-security/2022/03/25/1 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-25829 – Gentoo Linux Security Advisory 202012-19
https://notcve.org/view.php?id=CVE-2020-25829
16 Oct 2020 — An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). Se ha encontrado un problema en PowerDNS... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14196
https://notcve.org/view.php?id=CVE-2020-14196
01 Jul 2020 — In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. En PowerDNS Recursor versiones hasta 4.3.1, 4.2.2 y 4.1.16 incluyéndola, la ACL que restringe el acceso al servidor web interno no se aplica correctamente • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00043.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-10995
https://notcve.org/view.php?id=CVE-2020-10995
19 May 2020 — PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered b... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html • CWE-400: Uncontrolled Resource Consumption •