Vulnerabilities > Powerdns
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
| 2023-04-04 | CVE-2023-26437 | Unspecified vulnerability in Powerdns Recursor Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3. | 5.3 |
| 2023-01-21 | CVE-2023-22617 | Uncontrolled Recursion vulnerability in Powerdns Recursor 4.8.0 A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. | 7.5 |
| 2022-08-23 | CVE-2022-37428 | Incomplete Cleanup vulnerability in multiple products PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. | 6.5 |
| 2022-03-25 | CVE-2022-27227 | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. | 7.5 |
| 2021-07-30 | CVE-2021-36754 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Powerdns Authoritative Server 4.5.0 PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception. | 7.5 |
| 2020-10-16 | CVE-2020-25829 | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. | 7.5 |
| 2020-10-02 | CVE-2020-24698 | Double Free vulnerability in Powerdns Authoritative An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. | 9.8 |
| 2020-10-02 | CVE-2020-24697 | Unspecified vulnerability in Powerdns Authoritative An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. | 7.5 |
| 2020-10-02 | CVE-2020-24696 | Race Condition vulnerability in Powerdns Authoritative An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. | 8.1 |