PowerDNS

All CVEs

114 total · sorted by risk
  • CVE-2017-7557 · High · Aug 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack.

  • CVE-2016-5427 · High · Sep 21, 2016
    risk 0.54 · cvss 7.5 · epss 0.63

    PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.

  • CVE-2025-59023 · High · Feb 9, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Crafted delegations or IP fragments can poison cached delegations in Recursor.

  • CVE-2017-15120 · High · Jul 27, 2018
    risk 0.53 · cvss 7.5 · epss 0.52

    An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a…

  • CVE-2018-1046 · High · Jul 16, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution.…

  • CVE-2016-5426 · High · Sep 21, 2016
    risk 0.51 · cvss 7.5 · epss 0.31

    PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.

  • CVE-2026-42001 · High · May 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Insufficient Validation of Autoprimary SOA Queries

  • CVE-2026-33593 · High · Apr 22, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.

  • CVE-2025-30192 · High · Jul 21, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version includes various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and…

  • CVE-2025-30193 · High · May 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist,…

  • CVE-2025-30194 · High · Apr 29, 2025
    risk 0.49 · cvss 7.5 · epss 0.02

    When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched…

  • CVE-2025-30195 · High · Apr 7, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would…

  • CVE-2024-25590 · High · Oct 3, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.

  • CVE-2024-25581 · High · May 14, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing…

  • CVE-2024-25583 · High · Apr 25, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

  • CVE-2017-15091 · High · Jan 23, 2018
    risk 0.46 · cvss 7.1 · epss 0.01

    An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only…

  • CVE-2016-6172 · Medium · Sep 26, 2016
    risk 0.45 · cvss 6.8 · epss 0.04

    PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

  • CVE-2026-42000 · Medium · May 21, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    Insufficient Validation of Names During AXFR

  • CVE-2026-33602 · Medium · Apr 22, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.

  • CVE-2026-24029 · Medium · Mar 31, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.

  • CVE-2025-59024 · Medium · Feb 9, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Crafted delegations or IP fragments can poison cached delegations in Recursor.

  • CVE-2026-33608 · High · Apr 22, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer being able to run on the next restart, requiring manual operation to fix it.

  • CVE-2017-15092 · Medium · Jan 23, 2018
    risk 0.40 · cvss 6.1 · epss 0.02

    A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and JavaScript code into the web interface,…

  • CVE-2016-7069 · Medium · Sep 11, 2018
    risk 0.39 · cvss 5.9 · epss 0.05

    An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding…

  • CVE-2017-15094 · Medium · Jan 23, 2018
    risk 0.39 · cvss 5.9 · epss 0.03

    An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than…

  • CVE-2026-42002 · Medium · May 21, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    Concurrency and locking defects in GSS-TSIG

  • CVE-2026-33262 · Medium · Apr 22, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.

  • CVE-2026-33261 · Medium · Apr 22, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.

  • CVE-2026-27853 · Medium · Mar 31, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and…

  • CVE-2017-15090 · Medium · Jan 23, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in…

  • CVE-2026-33611 · Medium · Apr 22, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

  • CVE-2017-15093 · Medium · Jan 23, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to…

  • CVE-2026-33595 · Medium · Apr 22, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A client can trigger excessive memory allocation by generating a lot of error responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.

  • CVE-2026-33594 · Medium · Apr 22, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.

  • CVE-2026-33254 · Medium · Apr 22, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DoQ and DoH3 are disabled by default.

  • CVE-2026-33260 · Medium · Apr 22, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

  • CVE-2026-33258 · Medium · Apr 22, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.

  • CVE-2026-33257 · Medium · Apr 22, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

  • CVE-2026-33256 · Medium · Apr 22, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

  • CVE-2026-24030 · Medium · Mar 31, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC…

  • CVE-2026-24028 · Medium · Mar 31, 2026
    risk 0.34 · cvss 5.3 · epss 0.01

    An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory,…

  • CVE-2026-24027 · Medium · Feb 9, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Crafted zones can lead to increased incoming network traffic.

  • CVE-2026-0398 · Medium · Feb 9, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.

  • CVE-2026-33259 · Medium · Apr 22, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.

  • CVE-2026-42396 · Medium · May 21, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

  • CVE-2026-41999 · Medium · May 21, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    Incorrect Behaviour of Views with TCP PROXY Requests

  • CVE-2026-33610 · Medium · Apr 22, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.

  • CVE-2026-33598 · Medium · Apr 22, 2026
    risk 0.31 · cvss 4.8 · epss 0.01

    A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.

  • CVE-2026-27854 · Medium · Mar 31, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus…

  • CVE-2026-33601 · Medium · Apr 22, 2026
    risk 0.29 · cvss 4.4 · epss 0.01

    If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that results in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

Page 1 of 3