CVE-2024-25590 – Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor
https://notcve.org/view.php?id=CVE-2024-25590
An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. • https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html • CWE-20: Improper Input Validation •
CVE-2023-26437 – Deterred spoofing attempts can lead to authoritative servers being marked unavailable
https://notcve.org/view.php?id=CVE-2023-26437
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3. • https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6 •
CVE-2022-37428
https://notcve.org/view.php?id=CVE-2022-37428
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. PowerDNS Recursor versiones hasta 4.5.9, 4.6.2 y 4.7.1 incluyéndola, cuando el registro de protobufs está habilitado, presenta una limpieza inapropiada tras una excepción lanzada, conllevando a una denegación de servicio (bloqueo del demonio) por medio de una consulta DNS que conlleva a una respuesta con propiedades específicas. • https://docs.powerdns.com/recursor/lua-config/protobuf.html https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX • CWE-459: Incomplete Cleanup •