FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
0aee2f13-ec1d-11e8-8c92-6805ca2fa271  powerdns -- Multiple vulnerabilities

PowerDNS Team reports:

CVE-2018-10851: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed. When the PowerDNS Authoritative Server is run inside the guardian (--guardian), or inside a supervisor like supervisord or systemd, an out-of-memory crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.

CVE-2018-14626: An issue has been found in PowerDNS Authoritative Server allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype. For a DNSSEC-signed domain, this means that DNSSEC validating clients will consider the answer to be bogus until it expires from the packet cache, leading to a denial of service.


Discovery 2018-11-06
Entry 2018-11-19
powerdns
< 4.1.5

https://doc.powerdns.com/authoritative/changelog/4.1.html
CVE-2018-10851
CVE-2018-14626
1c21f6a3-9415-11e9-95ec-6805ca2fa271  powerdns -- multiple vulnerabilities

PowerDNS Team reports:

CVE-2019-10162: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

CVE-2019-10163: An issue has been found in PowerDNS Authoritative Server allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.


Discovery 2019-06-21
Entry 2019-06-21
powerdns
< 4.1.10

https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.10
CVE-2019-10162
CVE-2019-10163
2cda5c88-add4-11ec-9bc8-6805ca2fa271  powerdns -- denial of service

PowerDNS Team reports:

PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor.


Discovery 2022-03-25
Entry 2022-03-27
powerdns
eq 4.6.0

CVE-2022-27227
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html
3338f87c-3d5f-11e1-a00a-000c6eb41cf7  PowerDNS -- Denial of Service Vulnerability

The PowerDNS Team reports:

Using well crafted UDP packets, one or more PowerDNS servers could be made to enter a tight packet loop, causing temporary denial of service.


Discovery 2012-01-10
Entry 2012-01-12
powerdns
powerdns-devel
< 3.0.1

CVE-2012-0206
43a7b0a7-f9bc-11d9-b473-00061bc2ad93  PowerDNS -- LDAP backend fails to escape all queries

The LDAP backend in PowerDNS has issues with escaping queries which could cause connection errors. This would make it possible for a malicious user to temporarily blank domains.

This is known to affect all releases prior to 2.9.18.


Discovery 2005-07-16
Entry 2005-07-21
powerdns
< 2.9.18

CVE-2005-2302
http://doc.powerdns.com/security-policy.html
http://marc.theaimsgroup.com/?l=bugtraq&m=112155941310297&w=2
55c43f5b-5190-11e5-9ad8-14dae9d210b8  powerdns -- denial of service

PowerDNS reports:

A bug was found in our DNS packet parsing/generation code, which, when exploited, can cause individual threads (disabling service) or whole processes (allowing a supervisor to restart them) to crash with just one or a few query packets.


Discovery 2015-09-02
Entry 2015-09-02
powerdns
ge 3.4.0 lt 3.4.6

https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/
CVE-2015-5230
56665ccb-8723-11e5-9b13-14dae9d210b8  powerdns -- Denial of Service

PowerDNS reports:

A bug was found using afl-fuzz in our packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the pdns_server process, causing a Denial of Service.


Discovery 2015-11-03
Entry 2015-11-09
powerdns
ge 3.4.4 lt 3.4.7

https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/
CVE-2015-5311
5a5422fd-7e1a-11d9-a9e7-0001020eed82  powerdns -- DoS vulnerability

PowerDNS is vulnerable to a temporary denial-of-service vulnerability that can be triggered using a random stream of bytes.


Discovery 2004-09-18
Entry 2005-02-14
powerdns
< 2.9.17

12446
http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21
http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17
6001cfc6-9f0f-4fae-9b4f-9b8fae001425  PowerDNS -- Insufficient validation in the HTTP remote backend

PowerDNS developers report:

An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode (without post=1 set), allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS query. This can be used to cause a denial of service by preventing the remote backend from getting a response, content spoofing if the attacker can time its own query so that subsequent queries will use an attacker-controlled HTTP server instead of the configured one, and possibly information disclosure if the Authoritative Server has access to internal servers.


Discovery 2019-03-18
Entry 2019-03-19
powerdns
< 4.1.7

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
CVE-2019-3871
61d89849-43cb-11eb-aba5-00a09858faf5  powerdns -- Various issues in GSS-TSIG support

PowerDNS developers report:

A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature.


Discovery 2020-08-27
Entry 2020-12-21
powerdns
< 4.4.0

CVE-2020-24696
CVE-2020-24697
CVE-2020-24698
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
64e6006e-f009-11e4-98c6-000c292ee6b8  powerdns -- Label decompression bug can cause crashes or CPU spikes

The PowerDNS project reports:

A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause service-affecting CPU spikes.


Discovery 2015-04-23
Entry 2015-05-01
Modified 2015-07-12
powerdns
< 3.4.5

powerdns-recursor
< 3.7.3

CVE-2015-1868
CVE-2015-5470
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
http://www.openwall.com/lists/oss-security/2015/07/10/8
7d08e608-5e95-11e6-b334-002590263bf5  BIND, Knot, NSD, PowerDNS -- denial of service via oversized zone transfers

ISC reports:

DNS protocols were designed with the assumption that a certain amount of trust could be presumed between the operators of primary and secondary servers for a given zone. However, in current practice some organizations have scenarios which require them to accept zone data from sources that are not fully trusted (for example: providers of secondary name service). A party who is allowed to feed data into a zone (e.g. by AXFR, IXFR, or Dynamic DNS updates) can overwhelm the server which is accepting data by intentionally or accidentally exhausting that server's memory.


Discovery 2016-07-06
Entry 2016-08-10
Modified 2017-04-24
bind99
le 9.9.9P2

bind910
le 9.10.4P2

bind911
le 9.11.0.b2

bind9-devel
le 9.12.0.a.2016.11.02

knot
knot1
< 1.6.8

knot2
< 2.3.0

nsd
< 4.1.11

powerdns
< 4.0.1

CVE-2016-6170
CVE-2016-6171
CVE-2016-6172
CVE-2016-6173
https://kb.isc.org/article/AA-01390
http://www.openwall.com/lists/oss-security/2016/07/06/4
b371db92-fe34-11ea-b90e-6805ca2fa271  powerdns -- Leaking uninitialised memory through crafted zone records

PowerDNS Team reports:

CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR.


Discovery 2020-09-22
Entry 2020-09-24
powerdns
ge 4.3.0 lt 4.3.1

ge 4.2.0 lt 4.2.3

ge 4.1.0 lt 4.1.14

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
CVE-2020-17482
ce79167f-ee1c-11eb-9785-b42e99a1b9c3  powerdns -- remotely triggered crash

powerdns reports:

PowerDNS Security Advisory 2021-01: Specific query crashes Authoritative Server


Discovery 2021-07-26
Entry 2021-07-27
powerdns
eq 4.5.0

CVE-2021-36754
https://blog.powerdns.com/2021/07/26/security-advisory-2021-01-for-powerdns-authoritative-server-4-5-0/
e3200958-dd6c-11e6-ae1b-002590263bf5  powerdns -- multiple vulnerabilities

PowerDNS reports:

2016-02: Crafted queries can cause abnormal CPU usage

2016-03: Denial of service via the web server

2016-04: Insufficient validation of TSIG signatures

2016-05: Crafted zone record can cause a denial of service


Discovery 2016-12-15
Entry 2017-01-18
powerdns
< 3.4.11

ge 4.0.0 lt 4.0.2

powerdns-recursor
< 3.7.4

ge 4.0.0 lt 4.0.4

CVE-2016-7068
CVE-2016-7072
CVE-2016-7073
CVE-2016-7074
CVE-2016-2120
ports/216135
ports/216136
https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
https://blog.powerdns.com/2017/01/13/powerdns-authoritative-server-4-0-2-released/
https://blog.powerdns.com/2017/01/13/powerdns-recursor-4-0-4-released/