Recursor

recursor

Vendor: Powerdns • 50 CVEs

CVEs (50)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-33601 1Powerdns 1Recursor Apr 27, 2026 Apr 22, 2026 N/A· v4 4.9 MEDIUM· v3 N/A· v2 If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.
CVE-2026-33600 1Powerdns 1Recursor Apr 27, 2026 Apr 22, 2026 N/A· v4 4.9 MEDIUM· v3 N/A· v2 An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.
CVE-2026-33262 1Powerdns 1Recursor Apr 27, 2026 Apr 22, 2026 N/A· v4 5.9 MEDIUM· v3 N/A· v2 An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.
CVE-2026-33261 1Powerdns 1Recursor Apr 27, 2026 Apr 22, 2026 N/A· v4 5.9 MEDIUM· v3 N/A· v2 A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.
CVE-2026-33260 1Powerdns 3Authoritative DnsdistRecursor Apr 27, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVE-2026-33259 1Powerdns 1Recursor Apr 27, 2026 Apr 22, 2026 N/A· v4 5.0 MEDIUM· v3 N/A· v2 Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning R...Show more Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.Show less
CVE-2026-33258 1Powerdns 1Recursor Apr 27, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.
CVE-2026-33257 1Powerdns 3Authoritative DnsdistRecursor Apr 27, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVE-2026-33256 1Powerdns 1Recursor Apr 27, 2026 Apr 22, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
CVE-2026-24027 1Powerdns 1Recursor Apr 20, 2026 Feb 9, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Crafted zones can lead to increased incoming network traffic.
CVE-2026-0398 1Powerdns 1Recursor Apr 20, 2026 Feb 9, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.
CVE-2025-59024 1Powerdns 1Recursor Apr 20, 2026 Feb 9, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Crafted delegations or IP fragments can poison cached delegations in Recursor.
CVE-2025-59023 1Powerdns 1Recursor Apr 20, 2026 Feb 9, 2026 N/A· v4 8.2 HIGH· v3 N/A· v2 Crafted delegations or IP fragments can poison cached delegations in Recursor.
CVE-2025-59030 1Powerdns 1Recursor Feb 19, 2026 Dec 9, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.
CVE-2025-59029 1Powerdns 1Recursor Feb 19, 2026 Dec 9, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY.
CVE-2023-50868 6Debian FedoraprojectIsc+3 more 8Active Iq Unified Manager BindBootstrap Os+5 more Dec 23, 2025 Feb 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in...Show more The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.Show less
CVE-2023-50387 8Fedoraproject IscMicrosoft+5 more 13Bind DnsmasqEnterprise Linux+10 more Nov 4, 2025 Feb 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue...Show more Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.Show less
CVE-2023-26437 1Powerdns 1Recursor Feb 13, 2025 Apr 4, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.
CVE-2023-22617 1Powerdns 1Recursor Apr 3, 2025 Jan 21, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is...Show more A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.Show less
CVE-2022-37428 2Fedoraproject Powerdns 2Fedora Recursor Nov 21, 2024 Aug 23, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an...Show more PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.Show less

12 3 Next