Vulnerabilities > Powerdns > Recursor > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2023-50387 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue.
7.5
2023-01-21 CVE-2023-22617 Uncontrolled Recursion vulnerability in Powerdns Recursor 4.8.0
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode.
network
low complexity
powerdns CWE-674
7.5
2022-03-25 CVE-2022-27227 In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
network
low complexity
powerdns fedoraproject
7.5
2020-05-19 CVE-2020-10995 Resource Exhaustion vulnerability in multiple products
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks.
network
low complexity
powerdns fedoraproject debian opensuse CWE-400
7.5
2020-05-19 CVE-2020-10030 Out-of-bounds Read vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0.
network
low complexity
powerdns CWE-125
8.8
2020-05-19 CVE-2020-12244 Improper Verification of Cryptographic Signature vulnerability in multiple products
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
network
low complexity
powerdns fedoraproject debian opensuse CWE-347
7.5
2018-09-11 CVE-2016-7068 Resource Exhaustion vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded.
network
low complexity
powerdns debian CWE-400
7.8
2015-11-02 CVE-2015-5470 Resource Management Errors vulnerability in Powerdns Authoritative and Recursor
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself.
network
low complexity
powerdns CWE-399
7.8
2015-05-18 CVE-2015-1868 Resource Management Errors vulnerability in multiple products
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
network
low complexity
powerdns fedoraproject CWE-399
7.8
2010-01-08 CVE-2009-4010 Remote Cache Poisoning vulnerability in PowerDNS Recursor
Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones.
network
low complexity
powerdns
7.5