VuXML ID | Description |
5418b360-29cc-11ed-a6d4-6805ca2fa271 | powerdns-recursor -- denial of service
PowerDNS Team reports:
PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation.
Discovery 2022-08-23 Entry 2022-09-01 powerdns-recursor
< 4.7.2
< 4.6.3
< 4.5.10
CVE-2022-37428
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
|
40d92cc5-1e2b-11e9-bef6-6805ca2fa271 | powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports:
CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua hooks are
not properly applied to queries received over TCP in some specific combination of
settings, possibly bypassing security policies enforced using Lua.
When the recursor is configured to run with more than one thread (threads=X) and to
do the distribution of incoming queries to the worker threads itself
(pdns-distributes-queries=yes), the Lua script is not properly loaded in the thread
handling incoming TCP queries, causing the Lua hooks to not be properly applied.
CVE-2019-3807: An issue has been found in PowerDNS Recursor where records in the
answer section of responses received from authoritative servers with the AA flag not
set were not properly validated, allowing an attacker to bypass DNSSEC validation.
Discovery 2019-01-21 Entry 2019-01-22 powerdns-recursor
< 4.1.9
https://doc.powerdns.com/recursor/changelog/4.1.html
CVE-2019-3806
CVE-2019-3807
|
f6d6308a-f2ec-11e8-b005-6805ca2fa271 | powerdns-recursor -- Crafted query can cause a denial of service
PowerDNS Team reports:
CVE-2018-16855: An issue has been found in PowerDNS Recursor where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. When the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.
Discovery 2018-11-26 Entry 2018-12-09 powerdns-recursor
< 4.1.8
https://doc.powerdns.com/recursor/changelog/4.1.html
CVE-2018-16855
|
641cd669-bc37-11ea-babf-6805ca2fa271 | powerdns-recursor -- access restriction bypass
PowerDNS Team reports:
CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal
web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send
HTTP queries to the internal web server, bypassing the restriction.
In the default configuration the API webserver is not enabled. Only installations using a
non-default value for webserver and webserver-address are affected.
Discovery 2020-07-01 Entry 2020-07-02 powerdns-recursor
ge 4.3.0 lt 4.3.2
ge 4.2.0 lt 4.2.3
ge 4.1.0 lt 4.1.17
https://doc.powerdns.com/recursor/security-advisories/index.html
CVE-2020-14196
|
21a854cc-cac1-11ee-b7a7-353f1e043d9a | DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
Simon Kelley reports:
If DNSSEC validation is enabled, then an attacker who can force a
DNS server to validate a specially crafted signed domain can use a
lot of CPU in the validator. This only affects dnsmasq installations
with DNSSEC enabled.
Stichting NLnet Labs reports:
The KeyTrap [CVE-2023-50387] vulnerability works by using a
combination of Keys (also colliding Keys), Signatures and number of
RRSETs on a malicious zone. Answers from that zone can force a
DNSSEC validator down a very CPU intensive and time costly
validation path.
The NSEC3 [CVE-2023-50868] vulnerability uses specially crafted responses on a
malicious zone with multiple NSEC3 RRSETs to force a DNSSEC
validator down a very CPU intensive and time costly NSEC3 hash
calculation path.
Discovery 2024-02-06 Entry 2024-02-13 Modified 2024-04-01 bind916
< 9.16.48
bind918
< 9.18.24
bind9-devel
< 9.19.21
dnsmasq
< 2.90
dnsmasq-devel
< 2.90
powerdns-recursor
< 5.0.2
unbound
< 1.19.1
FreeBSD
ge 14.0 lt 14.0_6
ge 13.2 lt 13.2_11
CVE-2023-50387
CVE-2023-50868
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
SA-24:03.unbound
|
a6860b11-0dee-11eb-94ff-6805ca2fa271 | powerdns-recursor -- cache pollution
PowerDNS Team reports:
CVE-2020-25829: An issue has been found in PowerDNS Recursor where a
remote attacker can cause the cached records for a given name to be
updated to the "Bogus" DNSSEC validation state, instead of their actual
DNSSEC "Secure" state, via a DNS ANY query. This results in a denial
of service for installations that always validate (dnssec=validate)
and for clients requesting validation when on-demand validation is
enabled (dnssec=process).
Discovery 2020-10-13 Entry 2020-10-14 powerdns-recursor
ge 4.3.0 lt 4.3.5
ge 4.2.0 lt 4.2.5
ge 4.1.0 lt 4.1.18
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
CVE-2020-25829
|
f9c5a410-9b4e-11ea-ac3f-6805ca2fa271 | powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports:
CVE-2020-10995: An issue in the DNS protocol has been found that allows malicious parties to use
recursive DNS services to attack third party authoritative name servers. The attack uses a crafted
reply by an authoritative name server to amplify the resulting traffic between the recursive and
other authoritative name servers. Both types of service can suffer degraded performance as an effect.
CVE-2020-12244: An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in
the answer section of a NXDOMAIN response lacking an SOA were not properly validated in
SyncRes::processAnswer. This would allow an attacker in position of man-in-the-middle to send a
NXDOMAIN answer for a name that does exist, bypassing DNSSEC validation.
CVE-2020-10030: An issue has been found in PowerDNS Authoritative Server allowing an attacker
with enough privileges to change the system's hostname to cause disclosure of uninitialized memory
content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does
not null-terminate the returned string if the hostname is larger than the supplied buffer. Linux
systems are not affected because the buffer is always large enough. OpenBSD systems are not affected
because the returned hostname is always null-terminated. Under some conditions this issue can lead
to the writing of one null-byte out-of-bounds on the stack, causing a denial of service or possibly
arbitrary code execution.
Discovery 2020-05-19 Entry 2020-05-26 Modified 2020-05-29 powerdns-recursor
ge 4.3.0 lt 4.3.1
ge 4.2.0 lt 4.2.2
ge 4.1.0 lt 4.1.16
https://doc.powerdns.com/recursor/security-advisories/index.html
CVE-2020-10995
CVE-2020-12244
CVE-2020-10030
|
e15ba624-cca8-11ee-84ca-b42e991fc52e | powerdns-recursor -- Multiple Vulnerabilities
cve@mitre.org reports:
CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155
when RFC 9276 guidance is skipped) allows remote attackers to cause
a denial of service (CPU consumption for SHA-1 computations) via
DNSSEC responses in a random subdomain attack, aka the "NSEC3"
issue. The RFC 5155 specification implies that an algorithm must
perform thousands of iterations of a hash function in certain
situations.
CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035,
6840, and related RFCs) allow remote attackers to cause a denial
of service (CPU consumption) via one or more DNSSEC responses, aka
the "KeyTrap" issue. One of the concerns is that, when
there is a zone with many DNSKEY and RRSIG records, the protocol
specification implies that an algorithm must evaluate all combinations
of DNSKEY and RRSIG records.
Discovery 2024-02-14 Entry 2024-02-16 powerdns-recursor
< 5.0.2
CVE-2023-50868
https://nvd.nist.gov/vuln/detail/CVE-2023-50868
CVE-2023-50387
https://nvd.nist.gov/vuln/detail/CVE-2023-50387
|
dc33795f-ced7-11ed-b1fe-6805ca2fa271 | powerdns-recursor -- denial of service
PowerDNS Team reports:
PowerDNS Security Advisory 2023-02: Deterred spoofing attempts
can lead to authoritative servers being marked unavailable
Discovery 2023-03-29 Entry 2023-03-30 powerdns-recursor
< 4.8.4
CVE-2023-26437
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html
|
1af16f2b-023c-11ef-8791-6805ca2fa271 | powerdns-recursor -- denial of service
PowerDNS Team reports:
PowerDNS Security Advisory 2024-02: if recursive forwarding is configured,
crafted responses can lead to a denial of service in Recursor
Discovery 2024-04-24 Entry 2024-04-24 powerdns-recursor
< 5.0.4
CVE-2024-25583
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html
|