CVE-2022-27227

Published: Mar 25, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.

Affected (9)

Products: Powerdns: Authoritative Server, Recursor · Fedoraproject: Fedora

2 products

Authoritative Server

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Powerdns Authoritative Server	Before 4.4.3
Powerdns Authoritative Server	From 4.5.0 to 4.5.4
Powerdns Authoritative Server	From 4.6.0 to 4.6.1
Powerdns Recursor	Before 4.4.8
Powerdns Recursor	From 4.5.0 to 4.5.8
Powerdns Recursor	From 4.6.0 to 4.6.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36

References (18)

http://www.openwall.com/lists/oss-security/2022/03/25/1

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://doc.powerdns.com/authoritative/security-advisories/index.html

Source: cve@mitre.org

Vendor Advisory

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html

Source: cve@mitre.org

Vendor Advisory

https://docs.powerdns.com/recursor/security-advisories/index.html

Source: cve@mitre.org

Vendor Advisory

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html

Source: cve@mitre.org

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2022/03/25/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://doc.powerdns.com/authoritative/security-advisories/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.powerdns.com/recursor/security-advisories/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.