Recursor
by PowerDNS
CVEs (26)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59023 | High | 0.53 | 8.2 | 0.00 | | Feb 9, 2026 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
| CVE-2025-59024 | Med | 0.42 | 6.5 | 0.00 | | Feb 9, 2026 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
| CVE-2026-33262 | Med | 0.38 | 5.9 | 0.00 | | Apr 22, 2026 | An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default. |
| CVE-2026-33261 | Med | 0.38 | 5.9 | 0.00 | | Apr 22, 2026 | A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. |
| CVE-2026-33260 | Med | 0.34 | 5.3 | 0.00 | | Apr 22, 2026 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. |
| CVE-2026-33258 | Med | 0.34 | 5.3 | 0.00 | | Apr 22, 2026 | By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. |
| CVE-2026-33257 | Med | 0.34 | 5.3 | 0.00 | | Apr 22, 2026 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. |
| CVE-2026-33256 | Med | 0.34 | 5.3 | 0.00 | | Apr 22, 2026 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. |
| CVE-2026-24027 | Med | 0.34 | 5.3 | 0.00 | | Feb 9, 2026 | Crafted zones can lead to increased incoming network traffic. |
| CVE-2026-0398 | Med | 0.34 | 5.3 | 0.00 | | Feb 9, 2026 | Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. |
| CVE-2026-33259 | Med | 0.33 | 5.0 | 0.00 | | Apr 22, 2026 | Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider. |
| CVE-2026-33601 | Med | 0.29 | 4.4 | 0.00 | | Apr 22, 2026 | If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that results in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. |
| CVE-2026-33600 | Med | 0.29 | 4.4 | 0.00 | | Apr 22, 2026 | An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. |
| CVE-2025-59029 | | 0.00 | — | 0.00 | | Dec 9, 2025 | An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then sending a query with qtype set to ANY. |
| CVE-2025-59030 | | 0.00 | — | 0.00 | | Dec 9, 2025 | An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP. |
| CVE-2023-26437 | | 0.00 | — | 0.00 | | Apr 4, 2023 | Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable. This issue affects Recursor: through 4.6.5, through 4.7.4, through 4.8.3. |
| CVE-2015-1868 | | 0.00 | — | 0.01 | | May 18, 2015 | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. |
| CVE-2014-8601 | | 0.00 | — | 0.01 | | Dec 10, 2014 | PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. |
| CVE-2014-3614 | | 0.00 | — | 0.00 | | Sep 19, 2014 | Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets. |
| CVE-2012-1193 | | 0.00 | — | 0.00 | | Feb 17, 2012 | The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. |
Page 1 of 2