Recursor
by PowerDNS
CVEs (47)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59023 | | High | 0.53 | 8.2 | 0.00 | | Feb 9, 2026 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
| CVE-2025-30192 | | High | 0.49 | 7.5 | 0.00 | | Jul 21, 2025 | An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version includes various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and… |
| CVE-2025-30195 | | High | 0.49 | 7.5 | 0.01 | | Apr 7, 2025 | An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to illegal memory accesses and a crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would… |
| CVE-2024-25590 | | High | 0.49 | 7.5 | 0.01 | | Oct 3, 2024 | An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. |
| CVE-2024-25583 | | High | 0.49 | 7.5 | 0.01 | | Apr 25, 2024 | A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. |
| CVE-2025-59024 | | Medium | 0.42 | 6.5 | 0.00 | | Feb 9, 2026 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
| CVE-2017-15092 | | Medium | 0.40 | 6.1 | 0.02 | | Jan 23, 2018 | A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and JavaScript code into the web interface,… |
| CVE-2026-33262 | | Medium | 0.38 | 5.9 | 0.00 | | Apr 22, 2026 | An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default. |
| CVE-2026-33261 | | Medium | 0.38 | 5.9 | 0.00 | | Apr 22, 2026 | A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. |
| CVE-2017-15093 | | Medium | 0.35 | 5.3 | 0.01 | | Jan 23, 2018 | When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to… |
| CVE-2026-33260 | | Medium | 0.34 | 5.3 | 0.01 | | Apr 22, 2026 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. |
| CVE-2026-33258 | | Medium | 0.34 | 5.3 | 0.01 | | Apr 22, 2026 | By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. |
| CVE-2026-33257 | | Medium | 0.34 | 5.3 | 0.01 | | Apr 22, 2026 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. |
| CVE-2026-33256 | | Medium | 0.34 | 5.3 | 0.01 | | Apr 22, 2026 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. |
| CVE-2026-24027 | | Medium | 0.34 | 5.3 | 0.00 | | Feb 9, 2026 | Crafted zones can lead to increased incoming network traffic. |
| CVE-2026-0398 | | Medium | 0.34 | 5.3 | 0.00 | | Feb 9, 2026 | Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. |
| CVE-2026-33259 | | Medium | 0.33 | 5.0 | 0.00 | | Apr 22, 2026 | Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider. |
| CVE-2026-33601 | | Medium | 0.29 | 4.4 | 0.01 | | Apr 22, 2026 | If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that results in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. |
| CVE-2026-33600 | | Medium | 0.29 | 4.4 | 0.01 | | Apr 22, 2026 | An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. |
| CVE-2015-1868 | | | 0.07 | — | 0.82 | | May 18, 2015 | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a… |