Vulnerabilities > Powerdns > Recursor > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2023-50387 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue.
7.5
2023-01-21 CVE-2023-22617 Uncontrolled Recursion vulnerability in Powerdns Recursor 4.8.0
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode.
network
low complexity
powerdns CWE-674
7.5
2022-03-25 CVE-2022-27227 In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
network
low complexity
powerdns fedoraproject
7.5
2020-10-16 CVE-2020-25829 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5.
network
low complexity
powerdns opensuse
7.5
2020-05-19 CVE-2020-10995 Resource Exhaustion vulnerability in multiple products
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks.
network
low complexity
powerdns fedoraproject debian opensuse CWE-400
7.5
2020-05-19 CVE-2020-10030 Out-of-bounds Read vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0.
network
low complexity
powerdns CWE-125
8.8
2020-05-19 CVE-2020-12244 Improper Verification of Cryptographic Signature vulnerability in multiple products
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
network
low complexity
powerdns fedoraproject debian opensuse CWE-347
7.5
2019-01-29 CVE-2019-3806 Unspecified vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
network
high complexity
powerdns
8.1
2018-12-03 CVE-2018-16855 Out-of-bounds Read vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
network
low complexity
powerdns CWE-125
7.5
2018-11-29 CVE-2018-14626 Unspecified vulnerability in Powerdns Authoritative and Recursor
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
network
low complexity
powerdns
7.5