CVE-2020-12244 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
An issue has been found in PowerDNS Recursor before 4.3.1 and 4.2.2 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer for a name that does exist, bypassing DNSSEC validation.
Group Package Affected Fixed Severity Status Ticket
AVG-1163 powerdns-recursor 4.2.1-2 4.2.2-1 Medium Fixed
Date Advisory Group Package Severity Description
19 May 2020 ASA-202005-10 AVG-1163 powerdns-recursor Medium multiple issues
References
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
https://github.com/PowerDNS/pdns/commit/4bba0ec04aacbec08fe585ad790e2e8e0cb7b04a