Search criteria
14 vulnerabilities found for authoritative_server by powerdns
CVE-2022-27227 (GCVE-0-2022-27227)
Vulnerability from nvd – Published: 2022-03-25 14:41 – Updated: 2024-08-03 05:25
VLAI?
Summary
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-07T07:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.powerdns.com/recursor/security-advisories/index.html",
"refsource": "MISC",
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/index.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html",
"refsource": "CONFIRM",
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27227",
"datePublished": "2022-03-25T14:41:44",
"dateReserved": "2022-03-17T00:00:00",
"dateUpdated": "2024-08-03T05:25:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36754 (GCVE-0-2021-36754)
Vulnerability from nvd – Published: 2021-07-27 05:35 – Updated: 2024-08-04 01:01
VLAI?
Summary
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T19:27:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/index.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36754",
"datePublished": "2021-07-27T05:35:37",
"dateReserved": "2021-07-15T00:00:00",
"dateUpdated": "2024-08-04T01:01:58.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10203 (GCVE-0-2019-10203)
Vulnerability from nvd – Published: 2019-11-22 12:01 – Updated: 2024-08-04 22:17
VLAI?
Summary
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10203",
"datePublished": "2019-11-22T12:01:13",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:17:18.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3871 (GCVE-0-2019-3871)
Vulnerability from nvd – Published: 2019-03-21 20:42 – Updated: 2024-08-04 19:19
VLAI?
Summary
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The PowerDNS Project | pdns |
Affected:
4.1.7
Affected: 4.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "The PowerDNS Project",
"versions": [
{
"status": "affected",
"version": "4.1.7"
},
{
"status": "affected",
"version": "4.0.7"
}
]
}
],
"datePublic": "2019-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-05T04:06:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "4.1.7"
},
{
"version_value": "4.0.7"
}
]
}
}
]
},
"vendor_name": "The PowerDNS Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3871",
"datePublished": "2019-03-21T20:42:35",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6172 (GCVE-0-2016-6172)
Vulnerability from nvd – Published: 2016-09-26 16:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "1036242",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036242"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"name": "openSUSE-SU-2016:2116",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "1036242",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036242"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"name": "openSUSE-SU-2016:2116",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6172",
"datePublished": "2016-09-26T16:00:00",
"dateReserved": "2016-07-06T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0206 (GCVE-0-2012-0206)
Vulnerability from nvd – Published: 2012-02-17 21:00 – Updated: 2024-09-16 17:23
VLAI?
Summary
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-17T21:00:00Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/powerdns-advisory-2012-01.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=772570",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0206",
"datePublished": "2012-02-17T21:00:00Z",
"dateReserved": "2011-12-14T00:00:00Z",
"dateUpdated": "2024-09-16T17:23:09.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3337 (GCVE-0-2008-3337)
Vulnerability from nvd – Published: 2008-08-08 19:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"name": "http://doc.powerdns.com/powerdns-advisory-2008-02.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"refsource": "MLIST",
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3337",
"datePublished": "2008-08-08T19:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27227 (GCVE-0-2022-27227)
Vulnerability from cvelistv5 – Published: 2022-03-25 14:41 – Updated: 2024-08-03 05:25
VLAI?
Summary
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-07T07:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.powerdns.com/recursor/security-advisories/index.html",
"refsource": "MISC",
"url": "https://docs.powerdns.com/recursor/security-advisories/index.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/index.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html",
"refsource": "CONFIRM",
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"
},
{
"name": "[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/03/25/1"
},
{
"name": "FEDORA-2022-8367cefdea",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"
},
{
"name": "FEDORA-2022-6e19acf414",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"
},
{
"name": "FEDORA-2022-1df2a841e4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"
},
{
"name": "FEDORA-2022-ccfd5d1045",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27227",
"datePublished": "2022-03-25T14:41:44",
"dateReserved": "2022-03-17T00:00:00",
"dateUpdated": "2024-08-03T05:25:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36754 (GCVE-0-2021-36754)
Vulnerability from cvelistv5 – Published: 2021-07-27 05:35 – Updated: 2024-08-04 01:01
VLAI?
Summary
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T19:27:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/index.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36754",
"datePublished": "2021-07-27T05:35:37",
"dateReserved": "2021-07-15T00:00:00",
"dateUpdated": "2024-08-04T01:01:58.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10203 (GCVE-0-2019-10203)
Vulnerability from cvelistv5 – Published: 2019-11-22 12:01 – Updated: 2024-08-04 22:17
VLAI?
Summary
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10203",
"datePublished": "2019-11-22T12:01:13",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:17:18.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3871 (GCVE-0-2019-3871)
Vulnerability from cvelistv5 – Published: 2019-03-21 20:42 – Updated: 2024-08-04 19:19
VLAI?
Summary
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The PowerDNS Project | pdns |
Affected:
4.1.7
Affected: 4.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "The PowerDNS Project",
"versions": [
{
"status": "affected",
"version": "4.1.7"
},
{
"status": "affected",
"version": "4.0.7"
}
]
}
],
"datePublic": "2019-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-05T04:06:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "4.1.7"
},
{
"version_value": "4.0.7"
}
]
}
}
]
},
"vendor_name": "The PowerDNS Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 PowerDNS Security Advisory 2019-03",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3871"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"
},
{
"name": "107491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107491"
},
{
"name": "FEDORA-2019-b85d4171d4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWUHF6MRSQ3YO7UUISGLV7MXCAGBW2VD/"
},
{
"name": "FEDORA-2019-9993d32c48",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROFI6OTWF4GKONNSNEDUCW6LVSSEBZNF/"
},
{
"name": "[debian-lts-announce] 20190329 [SECURITY] [DLA 1737-1] pdns security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00039.html"
},
{
"name": "openSUSE-SU-2019:1128",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html"
},
{
"name": "DSA-4424",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4424"
},
{
"name": "20190404 [SECURITY] [DSA 4424-1] pdns security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3871",
"datePublished": "2019-03-21T20:42:35",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6172 (GCVE-0-2016-6172)
Vulnerability from cvelistv5 – Published: 2016-09-26 16:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "1036242",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036242"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"name": "openSUSE-SU-2016:2116",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401"
},
{
"name": "DSA-3664",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3664"
},
{
"name": "1036242",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036242"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/issues/4128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/issues/4133"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PowerDNS/pdns/pull/4134"
},
{
"name": "openSUSE-SU-2016:2116",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6172",
"datePublished": "2016-09-26T16:00:00",
"dateReserved": "2016-07-06T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0206 (GCVE-0-2012-0206)
Vulnerability from cvelistv5 – Published: 2012-02-17 21:00 – Updated: 2024-09-16 17:23
VLAI?
Summary
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-17T21:00:00Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/powerdns-advisory-2012-01.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2012-01.html"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=772570",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0206",
"datePublished": "2012-02-17T21:00:00Z",
"dateReserved": "2011-12-14T00:00:00Z",
"dateUpdated": "2024-09-16T17:23:09.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3337 (GCVE-0-2008-3337)
Vulnerability from cvelistv5 – Published: 2008-08-08 19:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"name": "http://doc.powerdns.com/powerdns-advisory-2008-02.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"refsource": "MLIST",
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3337",
"datePublished": "2008-08-08T19:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}