[Pdns-announce] PowerDNS Recursor Security Advisory 2025-01 regarding PowerDNS Recursor 5.2.0

Otto Moerbeek otto.moerbeek at powerdns.com
Mon Apr 7 12:55:33 UTC 2025


   Today we have released PowerDNS Recursor 5.2.1.

   This release fixes PowerDNS Security Advisory 2025-01: A crafted zone
   can lead to an illegal memory access in the Recursor. This advisory is
   also published here[1].


     __________________________________________________________________

   PowerDNS Security Advisory 2025-01: A crafted zone can lead to an illegal
   memory access in the Recursor

   CVE: CVE-2025-30195
   Date: 7th of April 2025.
   Affects: PowerDNS Recursor 5.2.0
   Not affected: PowerDNS Recursor 5.2.1 and versions before 5.2.0
   Severity: High
   Impact: Denial of service
   Exploit: This problem can be triggered by an attacker publishing a
   crafted zone
   Risk of system compromise: None
   Solution: Upgrade to patched version

   An attacker can publish a zone containing specific Resource Record
   Sets. Processing and caching results for these sets can lead to an
   illegal memory access and crash of the Recursor, causing a denial of
   service.

   CVSS Score: 7.5, see
   https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1[2]

   The remedy is: upgrade to the patched 5.2.1 version.

   We would like to thank Volodymyr Ilyin for bringing this issue to our
   attention.
     __________________________________________________________________

   Please refer to the changelog[3] and upgrade guide[4] for additional
   details.

   Please send us all feedback and issues you might have via the mailing
   list[5], or in case of a bug, via GitHub[6].

   The tarball[7] (with signature file[8]) is available from our
   download server[9] and packages for several distributions are available
   from our repository[10].

   We are grateful to the PowerDNS community for the reporting of bugs,
   issues, feature requests, and especially to the submitters of fixes and
   implementations of features.

References

   1. https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html
   2. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1
   3. https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.1
   4. https://docs.powerdns.com/recursor/upgrade.html
   5. https://mailman.powerdns.com/mailman/listinfo/pdns-users
   6. https://github.com/PowerDNS/pdns/issues/new/choose
   7. https://downloads.powerdns.com/releases/pdns-recursor-5.2.1.tar.bz2
   8. https://downloads.powerdns.com/releases/pdns-recursor-5.2.1.tar.bz2.sig
   9. https://downloads.powerdns.com/releases/
  10. https://repo.powerdns.com/


--

kind regards,
Otto Moerbeek
Senior Developer PowerDNS


Phone: +49 2761 75252 00 Fax: +49 2761 75252 30
Email: otto.moerbeek at open-xchange.com


-------------------------------------------------------------------------------------
Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne HRB 95366
Managing Board: Andreas Gauger, Dirk Valbert, Frank Hoberg, Stephan Martin
Chairman of the Board: Dr. Paul-Josef Patt

PowerDNS.COM BV, Koninginnegracht 5, 2514 AA Den Haag, The Netherlands
Managing Director: Robert Brandt
-------------------------------------------------------------------------------------