Powerdns

Recursor

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-59029

  • EPSS 0.01%
  • Veröffentlicht 09.12.2025 09:16:03
  • Zuletzt bearbeitet 09.12.2025 18:36:53

An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY.

7.5

CVE-2025-59030

  • EPSS 0.01%
  • Veröffentlicht 09.12.2025 09:15:43
  • Zuletzt bearbeitet 09.12.2025 18:36:53

An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.

7.5

CVE-2025-30192

  • EPSS 0.03%
  • Veröffentlicht 21.07.2025 12:49:31
  • Zuletzt bearbeitet 22.07.2025 13:06:07

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining E...

7.5

CVE-2025-30195

  • EPSS 0.19%
  • Veröffentlicht 07.04.2025 13:24:17
  • Zuletzt bearbeitet 07.04.2025 16:15:25

An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patch...

7.5

CVE-2024-25590

  • EPSS 0.13%
  • Veröffentlicht 03.10.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:01:02

An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.

7.5

CVE-2024-25583

  • EPSS 0.01%
  • Veröffentlicht 25.04.2024 10:15:08
  • Zuletzt bearbeitet 13.02.2025 18:17:14

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

7.5

CVE-2023-50868

Medienbericht Exploit
  • EPSS 13.77%
  • Veröffentlicht 14.02.2024 16:15:45
  • Zuletzt bearbeitet 23.12.2025 20:20:08

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka...

7.5

CVE-2023-50387

Medienbericht
  • EPSS 44.43%
  • Veröffentlicht 14.02.2024 16:15:45
  • Zuletzt bearbeitet 04.11.2025 19:16:14

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that,...

5.3

CVE-2023-26437

  • EPSS 0.01%
  • Veröffentlicht 04.04.2023 15:15:08
  • Zuletzt bearbeitet 13.02.2025 17:16:12

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.

7.5

CVE-2023-22617

  • EPSS 1.06%
  • Veröffentlicht 21.01.2023 19:15:11
  • Zuletzt bearbeitet 03.04.2025 15:15:42

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.