usn-7203-1
Vulnerability from osv_ubuntu
Wei Hao discovered that PowerDNS Authoritative Server incorrectly handled memory when accessing certain files. An attacker could possibly use this issue to achieve arbitrary code execution. (CVE-2018-1046)
It was discovered that PowerDNS Authoritative Server and PowerDNS Recursor incorrectly handled memory when receiving certain remote input. An attacker could possibly use this issue to cause denial of service. (CVE-2018-10851)
Kees Monshouwer discovered that PowerDNS Authoritative Server and PowerDNS Recursor incorrectly handled request validation after having cached malformed input. An attacker could possibly use this issue to cause denial of service. (CVE-2018-14626)
Toshifumi Sakaguchi discovered that PowerDNS Recursor incorrectly handled requests after having cached malformed input. An attacker could possibly use this issue to cause denial of service. (CVE-2018-14644)
Nathaniel Ferguson discovered that PowerDNS Authoritative Server incorrectly handled memory when receiving certain remote input. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-17482)
Nicolas Dehaine and Dmitry Shabanov discovered that PowerDNS Authoritative Server and PowerDNS Recursor incorrectly handled IXFR requests in certain circumstances. An attacker could possibly use this issue to cause denial of service. (CVE-2022-27227)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2018-10851",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-14626",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-14644",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-17482",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "pdns-backend-geoip",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-ldap",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-lua",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-mydns",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-mysql",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-pgsql",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-pipe",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-remote",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-sqlite3",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-tinydns",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-server",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
},
{
"binary_name": "pdns-tools",
"binary_version": "4.0.0~alpha2-3ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "pdns",
"purl": "pkg:deb/ubuntu/pdns@4.0.0~alpha2-3ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0~alpha2-3ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.4.5-1build2",
"3.4.6-2",
"3.4.6-3",
"3.4.7-1",
"3.4.7-2",
"4.0.0~alpha1-1",
"4.0.0~alpha2-2",
"4.0.0~alpha2-3",
"4.0.0~alpha2-3build1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2018-10851",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-14626",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-14644",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-17482",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "pdns-recursor",
"binary_version": "4.0.0~alpha2-2ubuntu0.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "pdns-recursor",
"purl": "pkg:deb/ubuntu/pdns-recursor@4.0.0~alpha2-2ubuntu0.1+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0~alpha2-2ubuntu0.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.7.3-1",
"4.0.0~alpha1-1",
"4.0.0~alpha1-2",
"4.0.0~alpha2-2",
"4.0.0~alpha2-2ubuntu0.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2018-1046",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-10851",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-14626",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-14644",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-17482",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-27227",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "pdns-backend-bind",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-geoip",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-ldap",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-lua",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-mydns",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-mysql",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-odbc",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-opendbx",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-pgsql",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-pipe",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-remote",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-sqlite3",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-tinydns",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-server",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-tools",
"binary_version": "4.1.1-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "pdns",
"purl": "pkg:deb/ubuntu/pdns@4.1.1-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.1-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.4-2",
"4.0.4-2build1",
"4.0.5-1",
"4.1.0-1",
"4.1.0-2",
"4.1.0-2build1",
"4.1.1-1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2018-1046",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-10851",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-14626",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-14644",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-17482",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-27227",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "pdns-recursor",
"binary_version": "4.1.1-2ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "pdns-recursor",
"purl": "pkg:deb/ubuntu/pdns-recursor@4.1.1-2ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.1-2ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.6-1",
"4.0.6-1build1",
"4.0.7-1",
"4.1.1-1",
"4.1.1-1build1",
"4.1.1-2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-17482",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-27227",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "pdns-backend-bind",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-geoip",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-ldap",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-lua",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-mydns",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-mysql",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-odbc",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-pgsql",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-pipe",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-remote",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-sqlite3",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-tinydns",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-ixfrdist",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-server",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-tools",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "pdns",
"purl": "pkg:deb/ubuntu/pdns@4.2.1-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.1-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.1.6-3build1",
"4.2.0-1",
"4.2.1-1",
"4.2.1-1build1",
"4.2.1-1build2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-17482",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-27227",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "pdns-recursor",
"binary_version": "4.2.1-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "pdns-recursor",
"purl": "pkg:deb/ubuntu/pdns-recursor@4.2.1-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.1-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.0-6",
"4.2.1-1",
"4.2.1-1build1",
"4.2.1-1build2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-27227",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "pdns-backend-bind",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-geoip",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-ldap",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-lmdb",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-lua2",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-mysql",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-odbc",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-pgsql",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-pipe",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-remote",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-sqlite3",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-backend-tinydns",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-ixfrdist",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-server",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
},
{
"binary_name": "pdns-tools",
"binary_version": "4.5.3-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "pdns",
"purl": "pkg:deb/ubuntu/pdns@4.5.3-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.3-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.1-1build1",
"4.4.1-3",
"4.4.1-4",
"4.5.2-1build1",
"4.5.3-1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-27227",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "pdns-recursor",
"binary_version": "4.6.0-1ubuntu1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "pdns-recursor",
"purl": "pkg:deb/ubuntu/pdns-recursor@4.6.0-1ubuntu1+esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.6.0-1ubuntu1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.2-3",
"4.6.0-1ubuntu1"
]
}
],
"aliases": [],
"details": "Wei Hao discovered that PowerDNS Authoritative Server incorrectly handled\nmemory when accessing certain files. An attacker could possibly use this\nissue to achieve arbitrary code execution. (CVE-2018-1046)\n\nIt was discovered that PowerDNS Authoritative Server and PowerDNS Recursor\nincorrectly handled memory when receiving certain remote input. An attacker\ncould possibly use this issue to cause denial of service. (CVE-2018-10851)\n\nKees Monshouwer discovered that PowerDNS Authoritative Server and PowerDNS\nRecursor incorrectly handled request validation after having cached\nmalformed input. An attacker could possibly use this issue to cause denial\nof service. (CVE-2018-14626)\n\nToshifumi Sakaguchi discovered that PowerDNS Recursor incorrectly handled\nrequests after having cached malformed input. An attacker could possibly\nuse this issue to cause denial of service. (CVE-2018-14644)\n\nNathaniel Ferguson discovered that PowerDNS Authoritative Server\nincorrectly handled memory when receiving certain remote input. An attacker\ncould possibly use this issue to obtain sensitive information.\n(CVE-2020-17482)\n\nNicolas Dehaine and Dmitry Shabanov discovered that PowerDNS Authoritative\nServer and PowerDNS Recursor incorrectly handled IXFR requests in certain\ncircumstances. An attacker could possibly use this issue to cause denial of\nservice. (CVE-2022-27227)\n",
"id": "USN-7203-1",
"modified": "2026-06-25T10:46:38Z",
"published": "2025-01-14T13:40:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7203-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-1046"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-10851"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-14626"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-14644"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-17482"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-27227"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "pdns, pdns-recursor vulnerabilities",
"upstream": [
"UBUNTU-CVE-2018-1046",
"UBUNTU-CVE-2018-10851",
"UBUNTU-CVE-2018-14626",
"UBUNTU-CVE-2018-14644",
"UBUNTU-CVE-2020-17482",
"UBUNTU-CVE-2022-27227"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.