CVSS: 7.8EPSS: 5%CPEs: 3EXPL: 0CVE-2024-25590 – Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor
https://notcve.org/view.php?id=CVE-2024-25590
03 Oct 2024 — An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. Toshifumi Sakaguchi discovered that too permissive parsing of some resource record sets in the zone file parsing of PDNS Recursor could result in denial of service. • https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-25583 – Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured
https://notcve.org/view.php?id=CVE-2024-25583
25 Apr 2024 — A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. Una respuesta manipulada desde un servidor ascendente al que se ha configurado el recursor para reenviar puede causar una denegación de servicio en el recursor. La configuración predeterminada del Recursor no utiliza el reenvío recursivo y no se ve afectada. It was disc... • http://www.openwall.com/lists/oss-security/2024/04/24/1 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 29%CPEs: 21EXPL: 3CVE-2023-50387 – bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
https://notcve.org/view.php?id=CVE-2023-50387
13 Feb 2024 — Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. Ciertos aspectos DNSSEC del protocolo DNS (en RFC 4035 y RFC relacionados) permiten a ataca... • https://github.com/knqyf263/CVE-2023-50387 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •