rpm package
suse/pdns-recursor&distro=SUSE Package Hub 15
pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2015
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-3807 | — | < 4.1.2-bp150.2.6.1 | 4.1.2-bp150.2.6.1 | Jan 29, 2019 | An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. | ||
| CVE-2018-16855 | — | < 4.1.2-bp150.2.3.1 | 4.1.2-bp150.2.3.1 | Dec 3, 2018 | An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. | ||
| CVE-2018-14626 | — | < 4.1.2-bp150.2.3.1 | 4.1.2-bp150.2.3.1 | Nov 29, 2018 | PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. | ||
| CVE-2018-10851 | — | < 4.1.2-bp150.2.3.1 | 4.1.2-bp150.2.3.1 | Nov 29, 2018 | PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. | ||
| CVE-2018-14644 | — | < 4.1.2-bp150.2.3.1 | 4.1.2-bp150.2.3.1 | Nov 9, 2018 | An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authori |
- CVE-2019-3807Jan 29, 2019affected < 4.1.2-bp150.2.6.1fixed 4.1.2-bp150.2.6.1
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
- CVE-2018-16855Dec 3, 2018affected < 4.1.2-bp150.2.3.1fixed 4.1.2-bp150.2.3.1
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
- CVE-2018-14626Nov 29, 2018affected < 4.1.2-bp150.2.3.1fixed 4.1.2-bp150.2.3.1
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
- CVE-2018-10851Nov 29, 2018affected < 4.1.2-bp150.2.3.1fixed 4.1.2-bp150.2.3.1
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
- CVE-2018-14644Nov 9, 2018affected < 4.1.2-bp150.2.3.1fixed 4.1.2-bp150.2.3.1
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authori