CVE-2020-12244 log

Severity Medium
Remote Yes
Type Insufficient validation
An issue has been found in PowerDNS Recursor before 4.3.1 and 4.2.2 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer for a name that does exist, bypassing DNSSEC validation.
Group Package Affected Fixed Severity Status Ticket
AVG-1163 powerdns-recursor 4.2.1-2 4.2.2-1 Medium Fixed
Date Advisory Group Package Severity Type
19 May 2020 ASA-202005-10 AVG-1163 powerdns-recursor Medium multiple issues