[Pdns-users] PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor
Peter van Dijk
peter.van.dijk at powerdns.com
Wed Apr 24 10:37:12 UTC 2024
Dear user,
Please find below a security advisory, relating to PowerDNS Recursor
4.8.7, 4.9.4 and 5.0.3 only.
When using recursive forwarding, a crafted response from an upstream
server can cause a Denial of Service in the Recursor.
=========================================================================
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of service in Recursor
CVE: CVE-2024-25583
Date: 24th of April 2024.
Affects: PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3, earlier versions
are not affected
Not affected: PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4
Severity: High (only when using recursive forwarding)
Impact: Denial of service
Exploit: This problem can be triggered by an attacker publishing a crafted zone
Risk of system compromise: None
Solution: Upgrade to patched version
When using recursive forwarding, a crafted response from an upstream
server can cause a Denial of Service in the Recursor. The default
configuration of the Recursor does not use recursive forwarding and is
not affected.
CVSS Score: 7.5, only for configurations using recursive forwarding, see
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1
The remedy is to update to a patched version.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 914 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20240424/2d6d732d/attachment.sig>
More information about the Pdns-users
mailing list