Contents

Previous topic

PowerDNS Security Advisory 2024-01: crafted DNSSEC records in a zone can lead to a denial of service in Recursor

Next topic

PowerDNS Security Advisory 2024-04: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor

This Page

  1. Docs
  2. Security Advisories
  3. PowerDNS Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor

PowerDNS Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor

  • CVE: CVE-2024-25583
  • Date: 24th of April 2024.
  • Affects: PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3; earlier versions are not affected
  • Not affected: PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4
  • Severity: High (only when using recursive forwarding)
  • Impact: Denial of service
  • Exploit: This problem can be triggered by an attacker publishing a crafted zone
  • Risk of system compromise: None
  • Solution: Upgrade to patched version

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

CVSS Score: 7.5, only for configurations using recursive forwarding, see https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1

The remedy is to update to a patched version.

PowerDNS Security Advisory 2024-01: crafted DNSSEC records in a zone can lead to a denial of service in Recursor
PowerDNS Security Advisory 2024-04: Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor
© Copyright PowerDNS.COM BV. Created using Sphinx.