powerdns-recursor

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Resolving DNS server
Version 4.1.5-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-805 4.1.4-3 4.1.5-1 Medium Fixed
AVG-520 4.0.6-3 4.0.7-1 Medium Fixed
AVG-148 4.0.3-7 4.0.4-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2018-14644 AVG-805 Medium Yes Denial of service
An issue has been found in PowerDNS Recursor before 4.1.5 where a remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being...
CVE-2018-14626 AVG-805 Medium Yes Denial of service
An issue has been found in PowerDNS Authoritative Server before 4.1.5 and PowerDNS Recursor before 4.1.5, allowing a remote user to craft a DNS query that...
CVE-2018-10851 AVG-805 Medium Yes Denial of service
An issue has been found in PowerDNS Authoritative Server before 4.1.5 and PowerDNS Recursor before 4.1.5. The issue is due to the fact that some memory is...
CVE-2017-15094 AVG-520 Medium Yes Denial of service
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, during a code audit by Nixu, leading to a...
CVE-2017-15093 AVG-520 Medium Yes Insufficient validation
An issue has been found in the API of PowerDNS Recursor < 4.0.7, during a source code audit by Nixu. When 'api-config-dir' is set to a non-empty value,...
CVE-2017-15092 AVG-520 Medium Yes Cross-site scripting
An issue has been found in the web interface of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the qname of DNS queries was displayed...
CVE-2017-15090 AVG-520 Medium Yes Insufficient validation
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 up to and including 4.0.5, where the signatures might have been...
CVE-2016-7074 AVG-148 Medium Yes Insufficient validation
An issue has been found in PowerDNS Authoritative Server and PowerDNS Recursor allowing an attacker in position of man-in-the-middle to alter the content of...
CVE-2016-7073 AVG-148 Medium Yes Insufficient validation
An issue has been found in PowerDNS Authoritative Server and PowerDNS Recursor allowing an attacker in position of man-in-the-middle to alter the content of...
CVE-2016-7068 AVG-148 Medium Yes Denial of service
An issue has been found in PowerDNS allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending...

Advisories

Date Advisory Group Severity Description
12 Nov 2018 ASA-201811-13 AVG-805 Medium denial of service
27 Nov 2017 ASA-201711-31 AVG-520 Medium multiple issues
19 Jan 2017 ASA-201701-30 AVG-148 Medium multiple issues