Pdns
by PowerDNS
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-7210 | | Critical | 0.64 | 9.8 | 0.00 | | Jun 26, 2025 | pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected. |
| CVE-2016-5427 | | High | 0.54 | 7.5 | 0.63 | | Sep 21, 2016 | PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query. |
| CVE-2016-5426 | | High | 0.51 | 7.5 | 0.31 | | Sep 21, 2016 | PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. |
| CVE-2026-42001 | | High | 0.49 | 7.5 | 0.00 | | May 21, 2026 | Insufficient Validation of Autoprimary SOA Queries |
| CVE-2025-30192 | | High | 0.49 | 7.5 | 0.00 | | Jul 21, 2025 | An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and… |
| CVE-2025-30195 | | High | 0.49 | 7.5 | 0.01 | | Apr 7, 2025 | An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would… |
| CVE-2024-25590 | | High | 0.49 | 7.5 | 0.01 | | Oct 3, 2024 | An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. |
| CVE-2024-25583 | | High | 0.49 | 7.5 | 0.01 | | Apr 25, 2024 | A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. |
| CVE-2015-5230 | | High | 0.49 | 7.5 | 0.09 | | Jan 15, 2020 | The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. |
| CVE-2019-10162 | | High | 0.49 | 7.5 | 0.02 | | Jul 30, 2019 | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative… |
| CVE-2016-2120 | | High | 0.49 | 7.5 | 0.02 | | Nov 1, 2018 | An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to… |
| CVE-2026-42000 | | Medium | 0.44 | 6.8 | 0.00 | | May 21, 2026 | Insufficient Validation of Names During AXFR |
| CVE-2019-3871 | | Medium | 0.43 | 6.5 | 0.13 | | Mar 21, 2019 | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial… |
| CVE-2026-42002 | | Medium | 0.38 | 5.9 | 0.00 | | May 21, 2026 | Concurrency and locking defects in GSS-TSIG |
| CVE-2026-42396 | | Medium | 0.32 | 4.9 | 0.00 | | May 21, 2026 | Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail |
| CVE-2026-41999 | | Medium | 0.31 | 4.8 | 0.00 | | May 21, 2026 | Incorrect Behaviour of Views with TCP PROXY Requests |
| CVE-2020-17482 | | Medium | 0.28 | 4.3 | 0.03 | | Oct 2, 2020 | An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. |
| CVE-2019-10203 | | Medium | 0.28 | 4.3 | 0.02 | | Nov 22, 2019 | PowerDNS Authoritative daemon, pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. |
| CVE-2019-10163 | | Medium | 0.28 | 4.3 | 0.01 | | Jul 30, 2019 | A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only… |
| CVE-2015-5470 | | | 0.01 | — | 0.11 | | Nov 2, 2015 | The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that… |