Powerdns

Recursor

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2017-15094

  • EPSS 0.01%
  • Veröffentlicht 23.01.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:14:03

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting d...

4.3

CVE-2018-1000003

  • EPSS 0.02%
  • Veröffentlicht 22.01.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:23

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.

7.8

CVE-2015-5470

  • EPSS 2.32%
  • Veröffentlicht 02.11.2015 19:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a r...

7.8

CVE-2015-1868

  • EPSS 0.35%
  • Veröffentlicht 18.05.2015 15:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU c...

5

CVE-2014-8601

  • EPSS 0.89%
  • Veröffentlicht 10.12.2014 15:59:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezd...

7.5

CVE-2009-4010

  • EPSS 0.01%
  • Veröffentlicht 08.01.2010 17:30:02
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones.

10

CVE-2009-4009

  • EPSS 0.04%
  • Veröffentlicht 08.01.2010 17:30:02
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets.

6.8

CVE-2008-3217

  • EPSS 0%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of se...

6.8

CVE-2008-1637

Exploit
  • EPSS 0.03%
  • Veröffentlicht 02.04.2008 17:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random fu...

5

CVE-2006-4252

  • EPSS 0.01%
  • Veröffentlicht 14.11.2006 20:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.