Previous topic

PowerDNS Security Advisory 2024-01: crafted DNSSEC records in a zone can lead to a denial of service in Recursor

Next topic

Upgrade Guide

This Page

PowerDNS Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor

  • CVE: CVE-2024-25583
  • Date: 24th of April 2024.
  • Affects: PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3; earlier versions are not affected
  • Not affected: PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4
  • Severity: High (only when using recursive forwarding)
  • Impact: Denial of service
  • Exploit: This problem can be triggered by an attacker publishing a crafted zone
  • Risk of system compromise: None
  • Solution: Upgrade to patched version

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

CVSS Score: 7.5, only for configurations using recursive forwarding, see

The remedy is to update to a patched version.