Search criteria
21 vulnerabilities found for authoritative_server by powerdns
FKIE_CVE-2022-27227
Vulnerability from fkie_nvd - Published: 2022-03-25 15:15 - Updated: 2024-11-21 06:55
Severity ?
Summary
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative_server | * | |
| powerdns | authoritative_server | * | |
| powerdns | authoritative_server | * | |
| powerdns | recursor | * | |
| powerdns | recursor | * | |
| powerdns | recursor | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD7F9FC-4CAE-46E3-80D5-2B9BAA9F533C",
"versionEndExcluding": "4.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34C2C5FE-1774-490E-8D58-81F1B3AC2395",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43B78B87-BE48-4512-81B4-CA185803BF9C",
"versionEndExcluding": "4.6.1",
"versionStartIncluding": "4.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4D5A80E-5316-477B-938D-9AB9293010DC",
"versionEndExcluding": "4.4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6110108D-1977-4316-A0CA-B2C143786DE2",
"versionEndExcluding": "4.5.8",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7B0CEF-EBC9-4B58-9F40-E9598C39B1E0",
"versionEndExcluding": "4.6.1",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."
},
{
"lang": "es",
"value": "En PowerDNS Authoritative Server versiones anteriores a 4.4.3, versiones 4.5.x anteriores a 4.5.4 y versiones4.6.x anteriores a 4.6.1 y PowerDNS Recursor versiones anteriores a 4.4.8, versiones 4.5.x anteriores a 4.5.8 y versiones 4.6.x anteriores a 4.6.1, una comprobaci\u00f3n insuficiente de una condici\u00f3n de fin de IXFR causa que las transferencias de zona incompletas sean manejadas como transferencias con \u00e9xito"
}
],
"id": "CVE-2022-27227",
"lastModified": "2024-11-21T06:55:27.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-25T15:15:07.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-36754
Vulnerability from fkie_nvd - Published: 2021-07-30 14:15 - Updated: 2024-11-21 06:14
Severity ?
Summary
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3963AAF-2D8D-4205-AAA1-4D6DF5F13396",
"versionEndExcluding": "4.5.1",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
},
{
"lang": "es",
"value": "PowerDNS Authoritative Server versiones 4.5.0 anteriores a 4.5.1, permite a cualquiera bloquear el proceso mediante el env\u00edo de una consulta espec\u00edfica (QTYPE 65535) que causa una excepci\u00f3n fuera de l\u00edmites"
}
],
"id": "CVE-2021-36754",
"lastModified": "2024-11-21T06:14:01.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-30T14:15:18.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10203
Vulnerability from fkie_nvd - Published: 2019-11-22 13:15 - Updated: 2024-11-21 04:18
Severity ?
Summary
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative_server | * | |
| powerdns | authoritative_server | * | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB54152-CB2D-4D99-8AFB-68ACDBB726B9",
"versionEndExcluding": "4.0.9",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66585190-5768-4C89-98B5-529D9F54D7F3",
"versionEndExcluding": "4.1.11",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS."
},
{
"lang": "es",
"value": "Daemon autorizado de PowerDNS, pdns versiones 4.0.x anteriores a la versi\u00f3n 4.0.9, 4.1.x anteriores a 4.1.11, que se cierra cuando se encuentra una serie entre 2 ^ 31 y 2 ^ 32-1 al intentar notificar a un esclavo que conduce a DoS."
}
],
"id": "CVE-2019-10203",
"lastModified": "2024-11-21T04:18:38.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T13:15:11.567",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-3871
Vulnerability from fkie_nvd - Published: 2019-03-21 21:29 - Updated: 2024-11-21 04:42
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative_server | * | |
| powerdns | authoritative_server | * | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F577C5-74AC-4207-AA9A-AEE24A3DC801",
"versionEndExcluding": "4.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "823B2EF0-94CF-4B5D-B699-50D25DCAE887",
"versionEndExcluding": "4.1.7",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response"
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad en PowerDNS Authoritative Server, en versiones anteriores a la 4.0.7 y la 4.1.7. Una validaci\u00f3n de datos insuficiente de datos provenientes del usuario al construir una petici\u00f3n HTTP desde una consulta DNS en el conector HTTP del backend remoto permite que un usuario remoto provoque una denegaci\u00f3n de servicio haciendo que el servidor se conecte a un endpoint inv\u00e1lido. Adem\u00e1s, tambi\u00e9n podr\u00eda provocar una posible divulgaci\u00f3n de informaci\u00f3n haciendo que el servidor se conecte a un endpoint interno y, de alguna forma, extrayendo informaci\u00f3n importante sobre la respuesta."
}
],
"id": "CVE-2019-3871",
"lastModified": "2024-11-21T04:42:45.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T21:29:00.700",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"source": "secalert@redhat.com",
"url": "https://seclists.org/bugtraq/2019/Apr/8"
},
{
"source": "secalert@redhat.com",
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Apr/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2019/dsa-4424"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6172
Vulnerability from fkie_nvd - Published: 2016-09-26 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6BCE24C-DB2C-4592-BE28-B1CCDC959DF5",
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response."
},
{
"lang": "es",
"value": "PowerDNS (tambi\u00e9n conocido como pdns) Authoritative Server en versiones anteriores a 4.0.1 permite a servidores DNS primarios remotos provocar una denegaci\u00f3n de servicio (agotamiento de memoria y ca\u00edda del servidor DNS secundario) a trav\u00e9s de una gran respuesta (1) AXFR o (2) IXFR."
}
],
"id": "CVE-2016-6172",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-26T16:59:04.947",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/91678"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1036242"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0206
Vulnerability from fkie_nvd - Published: 2012-02-17 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative_server | * | |
| powerdns | authoritative_server | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A58AB9C-5C04-4A31-86D4-3C0428B03E62",
"versionEndIncluding": "2.9.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC8EA3F-81F2-4F31-B68B-02B0539D3776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response."
},
{
"lang": "es",
"value": "common_startup.cc en PowerDNS (tambi\u00e9n conocido como pdns) Authoritative Server anterior a v2.9.22.5 y v3.x anterior a v3.0.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle de paquete) mediante una respuesta manipulada de una respuesta DNS UDP."
}
],
"id": "CVE-2012-0206",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-17T21:55:00.870",
"references": [
{
"source": "security@debian.org",
"tags": [
"Release Notes"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3337
Vulnerability from fkie_nvd - Published: 2008-08-08 19:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative_server | * | |
| powerdns | powerdns | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25F615C5-BE99-4CAF-AE71-30A9B4CE747F",
"versionEndIncluding": "2.9.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF235AA-7A2C-4223-AB14-A30058546EF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
},
{
"lang": "es",
"value": "PowerDNS Authoritative Server versiones anteriores a 2.9.21.1 descarga peticiones malformadas, lo cual puede hacer m\u00e1s f\u00e1cil a atacantes remotos envenenar cach\u00e9s DNS de otros productos ejecut\u00e1ndose en otros servidores, una cuesti\u00f3n diferente a CVE-2008-1447 y CVE-2008-3217."
}
],
"id": "CVE-2008-3337",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-08T19:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"source": "cve@mitre.org",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31401"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31407"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31448"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31687"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33264"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2320"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-27227 (GCVE-0-2022-27227)
Vulnerability from cvelistv5 – Published: 2022-03-25 14:41 – Updated: 2024-08-03 05:25
VLAI?
Summary
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-07T07:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.powerdns.com/recursor/security-advisories/index.html",
"refsource": "MISC",
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/index.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html",
"refsource": "CONFIRM",
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27227",
"datePublished": "2022-03-25T14:41:44",
"dateReserved": "2022-03-17T00:00:00",
"dateUpdated": "2024-08-03T05:25:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36754 (GCVE-0-2021-36754)
Vulnerability from cvelistv5 – Published: 2021-07-27 05:35 – Updated: 2024-08-04 01:01
VLAI?
Summary
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T19:27:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/index.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36754",
"datePublished": "2021-07-27T05:35:37",
"dateReserved": "2021-07-15T00:00:00",
"dateUpdated": "2024-08-04T01:01:58.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10203 (GCVE-0-2019-10203)
Vulnerability from cvelistv5 – Published: 2019-11-22 12:01 – Updated: 2024-08-04 22:17
VLAI?
Summary
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10203",
"datePublished": "2019-11-22T12:01:13",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:17:18.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3871 (GCVE-0-2019-3871)
Vulnerability from cvelistv5 – Published: 2019-03-21 20:42 – Updated: 2024-08-04 19:19
VLAI?
Summary
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The PowerDNS Project | pdns |
Affected:
4.1.7
Affected: 4.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "The PowerDNS Project",
"versions": [
{
"status": "affected",
"version": "4.1.7"
},
{
"status": "affected",
"version": "4.0.7"
}
]
}
],
"datePublic": "2019-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-05T04:06:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "4.1.7"
},
{
"version_value": "4.0.7"
}
]
}
}
]
},
"vendor_name": "The PowerDNS Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3871",
"datePublished": "2019-03-21T20:42:35",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6172 (GCVE-0-2016-6172)
Vulnerability from cvelistv5 – Published: 2016-09-26 16:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "1036242",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036242"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"name": "openSUSE-SU-2016:2116",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "1036242",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036242"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"name": "openSUSE-SU-2016:2116",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6172",
"datePublished": "2016-09-26T16:00:00",
"dateReserved": "2016-07-06T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0206 (GCVE-0-2012-0206)
Vulnerability from cvelistv5 – Published: 2012-02-17 21:00 – Updated: 2024-09-16 17:23
VLAI?
Summary
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-17T21:00:00Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/powerdns-advisory-2012-01.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=772570",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0206",
"datePublished": "2012-02-17T21:00:00Z",
"dateReserved": "2011-12-14T00:00:00Z",
"dateUpdated": "2024-09-16T17:23:09.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3337 (GCVE-0-2008-3337)
Vulnerability from cvelistv5 – Published: 2008-08-08 19:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"name": "http://doc.powerdns.com/powerdns-advisory-2008-02.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"refsource": "MLIST",
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3337",
"datePublished": "2008-08-08T19:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27227 (GCVE-0-2022-27227)
Vulnerability from nvd – Published: 2022-03-25 14:41 – Updated: 2024-08-03 05:25
VLAI?
Summary
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-07T07:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.powerdns.com/recursor/security-advisories/index.html",
"refsource": "MISC",
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/index.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html",
"refsource": "CONFIRM",
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27227",
"datePublished": "2022-03-25T14:41:44",
"dateReserved": "2022-03-17T00:00:00",
"dateUpdated": "2024-08-03T05:25:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36754 (GCVE-0-2021-36754)
Vulnerability from nvd – Published: 2021-07-27 05:35 – Updated: 2024-08-04 01:01
VLAI?
Summary
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T19:27:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/index.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36754",
"datePublished": "2021-07-27T05:35:37",
"dateReserved": "2021-07-15T00:00:00",
"dateUpdated": "2024-08-04T01:01:58.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10203 (GCVE-0-2019-10203)
Vulnerability from nvd – Published: 2019-11-22 12:01 – Updated: 2024-08-04 22:17
VLAI?
Summary
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10203",
"datePublished": "2019-11-22T12:01:13",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:17:18.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3871 (GCVE-0-2019-3871)
Vulnerability from nvd – Published: 2019-03-21 20:42 – Updated: 2024-08-04 19:19
VLAI?
Summary
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The PowerDNS Project | pdns |
Affected:
4.1.7
Affected: 4.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "The PowerDNS Project",
"versions": [
{
"status": "affected",
"version": "4.1.7"
},
{
"status": "affected",
"version": "4.0.7"
}
]
}
],
"datePublic": "2019-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-05T04:06:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "4.1.7"
},
{
"version_value": "4.0.7"
}
]
}
}
]
},
"vendor_name": "The PowerDNS Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3871",
"datePublished": "2019-03-21T20:42:35",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6172 (GCVE-0-2016-6172)
Vulnerability from nvd – Published: 2016-09-26 16:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "1036242",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036242"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"name": "openSUSE-SU-2016:2116",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "1036242",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036242"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"name": "openSUSE-SU-2016:2116",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6172",
"datePublished": "2016-09-26T16:00:00",
"dateReserved": "2016-07-06T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0206 (GCVE-0-2012-0206)
Vulnerability from nvd – Published: 2012-02-17 21:00 – Updated: 2024-09-16 17:23
VLAI?
Summary
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-17T21:00:00Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/powerdns-advisory-2012-01.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=772570",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0206",
"datePublished": "2012-02-17T21:00:00Z",
"dateReserved": "2011-12-14T00:00:00Z",
"dateUpdated": "2024-09-16T17:23:09.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3337 (GCVE-0-2008-3337)
Vulnerability from nvd – Published: 2008-08-08 19:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"name": "http://doc.powerdns.com/powerdns-advisory-2008-02.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"refsource": "MLIST",
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3337",
"datePublished": "2008-08-08T19:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}