powerdns-recursor

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Resolving DNS server
Version 5.1.3-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2656 4.6.0-3 4.6.1-1 Low Fixed
AVG-1243 4.3.4-1 4.3.5-1 High Fixed
AVG-1199 4.3.1-1 4.3.2-1 Low Fixed
AVG-1163 4.2.1-2 4.2.2-1 Medium Fixed
AVG-856 4.1.8-1 4.1.9-1 Medium Fixed
AVG-821 4.1.7-1 4.1.8-1 Medium Fixed
AVG-805 4.1.4-3 4.1.5-1 Medium Fixed
AVG-520 4.0.6-3 4.0.7-1 Medium Fixed
AVG-148 4.0.3-7 4.0.4-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2022-27227 AVG-2656 Low Yes Denial of service
A denial of service issue has been found in PowerDNS Authoritative Server and PowerDNS Recursor before 4.6.1. IXFR usually exchanges only the modifications...
CVE-2020-25829 AVG-1243 High Yes Denial of service
An issue has been found in PowerDNS Recursor before 4.3.5 where a remote attacker can cause the cached records for a given name to be updated to the ‘Bogus’...
CVE-2020-14196 AVG-1199 Low Yes Access restriction bypass
An issue has been found in PowerDNS Recursor before 4.3.2 where the ACL applied to the internal web server via `webserver-allow-from` is not properly...
CVE-2020-12244 AVG-1163 Medium Yes Insufficient validation
An issue has been found in PowerDNS Recursor before 4.3.1 and 4.2.2 where records in the answer section of a NXDOMAIN response lacking an SOA were not...
CVE-2020-10995 AVG-1163 Medium Yes Denial of service
An issue has been found in PowerDNS Recursor before 4.3.1 and 4.2.2. An issue in the DNS protocol has been found that allow malicious parties to use...
CVE-2019-3807 AVG-856 Medium Yes Insufficient validation
An issue has been found in PowerDNS Recursor before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA...
CVE-2019-3806 AVG-856 Low Yes Access restriction bypass
An issue has been found in PowerDNS Recursor before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination...
CVE-2018-16855 AVG-821 Medium Yes Denial of service
An issue has been found in PowerDNS Recursor versions from 4.1.0 up to and including 4.1.7, where a remote attacker sending a DNS query can trigger an...
CVE-2018-14644 AVG-805 Medium Yes Denial of service
An issue has been found in PowerDNS Recursor before 4.1.5 where a remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being...
CVE-2018-14626 AVG-805 Medium Yes Denial of service
An issue has been found in PowerDNS Authoritative Server before 4.1.5 and PowerDNS Recursor before 4.1.5, allowing a remote user to craft a DNS query that...
CVE-2018-10851 AVG-805 Medium Yes Denial of service
An issue has been found in PowerDNS Authoritative Server before 4.1.5 and PowerDNS Recursor before 4.1.5. The issue is due to the fact that some memory is...
CVE-2017-15094 AVG-520 Medium Yes Denial of service
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, during a code audit by Nixu, leading to a...
CVE-2017-15093 AVG-520 Medium Yes Insufficient validation
An issue has been found in the API of PowerDNS Recursor < 4.0.7, during a source code audit by Nixu. When 'api-config-dir' is set to a non-empty value,...
CVE-2017-15092 AVG-520 Medium Yes Cross-site scripting
An issue has been found in the web interface of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the qname of DNS queries was displayed...
CVE-2017-15090 AVG-520 Medium Yes Insufficient validation
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 up to and including 4.0.5, where the signatures might have been...
CVE-2016-7074 AVG-148 Medium Yes Insufficient validation
An issue has been found in PowerDNS Authoritative Server and PowerDNS Recursor allowing an attacker in position of man-in-the-middle to alter the content of...
CVE-2016-7073 AVG-148 Medium Yes Insufficient validation
An issue has been found in PowerDNS Authoritative Server and PowerDNS Recursor allowing an attacker in position of man-in-the-middle to alter the content of...
CVE-2016-7068 AVG-148 Medium Yes Denial of service
An issue has been found in PowerDNS allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending...

Advisories

Date Advisory Group Severity Type
18 Oct 2020 ASA-202010-6 AVG-1243 High denial of service
19 May 2020 ASA-202005-10 AVG-1163 Medium multiple issues
24 Jan 2019 ASA-201901-13 AVG-856 Medium multiple issues
28 Nov 2018 ASA-201811-21 AVG-821 Medium denial of service
12 Nov 2018 ASA-201811-13 AVG-805 Medium denial of service
27 Nov 2017 ASA-201711-31 AVG-520 Medium multiple issues
19 Jan 2017 ASA-201701-30 AVG-148 Medium multiple issues