Vulnerabilites related to PowerDNS - PowerDNS
CVE-2005-0428 (GCVE-0-2005-0428)
Vulnerability from cvelistv5
Published
2005-02-15 05:00
Modified
2024-08-07 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "powerdns-random-bytes-dos(19221)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19221"
},
{
"name": "GLSA-200502-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml"
},
{
"name": "12446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12446"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "powerdns-random-bytes-dos(19221)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19221"
},
{
"name": "GLSA-200502-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml"
},
{
"name": "12446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12446"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "powerdns-random-bytes-dos(19221)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19221"
},
{
"name": "GLSA-200502-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml"
},
{
"name": "12446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12446"
},
{
"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17"
},
{
"name": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21",
"refsource": "MISC",
"url": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0428",
"datePublished": "2005-02-15T05:00:00",
"dateReserved": "2005-02-15T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2301 (GCVE-0-2005-2301)
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-08-07 22:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014504"
},
{
"name": "14290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014504"
},
{
"name": "14290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014504"
},
{
"name": "14290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2301",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-07T22:22:48.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15090 (GCVE-0-2017-15090)
Vulnerability from cvelistv5
Published
2018-01-23 15:00
Modified
2024-09-16 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:14.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html"
},
{
"name": "101982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerDNS",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "from 4.0.0 and up to and including 4.0.6"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html"
},
{
"name": "101982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-11-27T00:00:00",
"ID": "CVE-2017-15090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerDNS",
"version": {
"version_data": [
{
"version_value": "from 4.0.0 and up to and including 4.0.6"
}
]
}
}
]
},
"vendor_name": "PowerDNS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html"
},
{
"name": "101982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15090",
"datePublished": "2018-01-23T15:00:00Z",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-09-16T18:38:21.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0038 (GCVE-0-2005-0038)
Vulnerability from cvelistv5
Published
2006-04-28 01:00
Modified
2024-08-07 20:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"name": "25291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-06-05T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"name": "25291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13729"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"name": "25291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25291"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0038",
"datePublished": "2006-04-28T01:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-07T20:57:40.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3337 (GCVE-0-2008-3337)
Vulnerability from cvelistv5
Published
2008-08-08 19:00
Modified
2024-08-07 09:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "FEDORA-2008-7048",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"name": "31401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31401"
},
{
"name": "30587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "http://doc.powerdns.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"name": "31448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31448"
},
{
"name": "DSA-1628",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"name": "http://doc.powerdns.com/powerdns-advisory-2008-02.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"name": "33264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33264"
},
{
"name": "FEDORA-2008-7083",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"name": "[pdns-users] 20080806 Security update: PowerDNS Authoritative Server 2.9.21.1 released",
"refsource": "MLIST",
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"name": "powerdns-query-weak-security(44253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"name": "GLSA-200812-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"name": "31407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31407"
},
{
"name": "ADV-2008-2320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3337",
"datePublished": "2008-08-08T19:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2302 (GCVE-0-2005-2302)
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-08-07 22:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"name": "1014504",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2302",
"datePublished": "2005-07-19T04:00:00",
"dateReserved": "2005-07-19T00:00:00",
"dateUpdated": "2024-08-07T22:22:48.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2069 (GCVE-0-2006-2069)
Vulnerability from cvelistv5
Published
2006-04-27 10:00
Modified
2024-08-07 17:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17711"
},
{
"name": "powerdns-recursor-ednso-dos(26100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26100"
},
{
"name": "19831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19831"
},
{
"name": "SUSE-SR:2006:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1"
},
{
"name": "ADV-2006-1527",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1527"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17711"
},
{
"name": "powerdns-recursor-ednso-dos(26100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26100"
},
{
"name": "19831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19831"
},
{
"name": "SUSE-SR:2006:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1"
},
{
"name": "ADV-2006-1527",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1527"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17711"
},
{
"name": "powerdns-recursor-ednso-dos(26100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26100"
},
{
"name": "19831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19831"
},
{
"name": "SUSE-SR:2006:010",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20117"
},
{
"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1"
},
{
"name": "ADV-2006-1527",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1527"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2069",
"datePublished": "2006-04-27T10:00:00",
"dateReserved": "2006-04-26T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5277 (GCVE-0-2008-5277)
Vulnerability from cvelistv5
Published
2008-12-09 00:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:11.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-03.html"
},
{
"name": "1021304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021304"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "powerdns-chhinfo-dos(47076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47076"
},
{
"name": "SUSE-SR:2008:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
},
{
"name": "32627",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32627"
},
{
"name": "32979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32979"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.powerdns.com/powerdns-advisory-2008-03.html"
},
{
"name": "1021304",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021304"
},
{
"name": "33264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33264"
},
{
"name": "powerdns-chhinfo-dos(47076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47076"
},
{
"name": "SUSE-SR:2008:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
},
{
"name": "32627",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32627"
},
{
"name": "32979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32979"
},
{
"name": "GLSA-200812-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.powerdns.com/powerdns-advisory-2008-03.html",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-03.html"
},
{
"name": "1021304",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021304"
},
{
"name": "33264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33264"
},
{
"name": "powerdns-chhinfo-dos(47076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47076"
},
{
"name": "SUSE-SR:2008:027",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
},
{
"name": "32627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32627"
},
{
"name": "32979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32979"
},
{
"name": "GLSA-200812-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5277",
"datePublished": "2008-12-09T00:00:00",
"dateReserved": "2008-11-28T00:00:00",
"dateUpdated": "2024-08-07T10:49:11.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-07-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=112155941310297&w=2 | ||
| cve@mitre.org | http://securitytracker.com/id?1014504 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_19_sr.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/14290 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=112155941310297&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014504 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_19_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14290 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | powerdns | 2.9.0 | |
| powerdns | powerdns | 2.9.1 | |
| powerdns | powerdns | 2.9.2 | |
| powerdns | powerdns | 2.9.3a | |
| powerdns | powerdns | 2.9.4 | |
| powerdns | powerdns | 2.9.5 | |
| powerdns | powerdns | 2.9.6 | |
| powerdns | powerdns | 2.9.7 | |
| powerdns | powerdns | 2.9.8 | |
| powerdns | powerdns | 2.9.10 | |
| powerdns | powerdns | 2.9.11 | |
| powerdns | powerdns | 2.9.12 | |
| powerdns | powerdns | 2.9.13 | |
| powerdns | powerdns | 2.9.14 | |
| powerdns | powerdns | 2.9.15 | |
| powerdns | powerdns | 2.9.16 | |
| powerdns | powerdns | 2.9.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E89A2-4993-4208-B67F-52B08A6F1BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B340CA64-2358-46E6-8F65-725B6ACE77D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADBB8B1-C732-49BA-9270-F5551A9E2D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "80C62126-2E61-4532-BFA2-D66FCCC8C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4472A3D7-8E17-4D80-AA2D-724C74EEF9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07CDE603-2A52-4C6F-B6A3-563D516BB4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3E5668-9B66-4C80-8C38-6FF01C342182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB793844-A30A-4F97-954B-690083E77430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B636157B-E627-4EF1-B6C2-640648C001D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "34EEA40F-CD68-4AE9-A305-402BFBEEA23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "40FFBCCC-3595-4148-A3CD-28FD390FB786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7722F1-D913-42A0-93EA-48140F47F221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16E26E04-71AA-4A00-B0EE-9A04A63ADBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4A413F4D-123A-4AA6-A097-9900F9B39817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4F03070D-C76A-4A31-AA0C-E32442EBE83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F2BE9083-C8DA-4CCB-AAA0-8E31A1C566D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.17:*:*:*:*:*:*:*",
"matchCriteriaId": "11FC77A2-E464-4832-ADCD-68D66E7CB29E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack."
},
{
"lang": "es",
"value": "PowerDNS anterior a la 2.9.18, cuando se ejecuta en LDAP, no escapa adecuadamente las peticiones LDAP, lo que permite que atacantes remotos causen una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2005-2301",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014504"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=112155941310297&w=2 | ||
| cve@mitre.org | http://securitytracker.com/id?1014504 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_19_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=112155941310297&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014504 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_19_sr.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | powerdns | 2.9.0 | |
| powerdns | powerdns | 2.9.1 | |
| powerdns | powerdns | 2.9.2 | |
| powerdns | powerdns | 2.9.3a | |
| powerdns | powerdns | 2.9.4 | |
| powerdns | powerdns | 2.9.5 | |
| powerdns | powerdns | 2.9.6 | |
| powerdns | powerdns | 2.9.7 | |
| powerdns | powerdns | 2.9.8 | |
| powerdns | powerdns | 2.9.10 | |
| powerdns | powerdns | 2.9.11 | |
| powerdns | powerdns | 2.9.12 | |
| powerdns | powerdns | 2.9.13 | |
| powerdns | powerdns | 2.9.14 | |
| powerdns | powerdns | 2.9.15 | |
| powerdns | powerdns | 2.9.16 | |
| powerdns | powerdns | 2.9.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E89A2-4993-4208-B67F-52B08A6F1BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B340CA64-2358-46E6-8F65-725B6ACE77D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADBB8B1-C732-49BA-9270-F5551A9E2D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "80C62126-2E61-4532-BFA2-D66FCCC8C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4472A3D7-8E17-4D80-AA2D-724C74EEF9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07CDE603-2A52-4C6F-B6A3-563D516BB4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3E5668-9B66-4C80-8C38-6FF01C342182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB793844-A30A-4F97-954B-690083E77430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B636157B-E627-4EF1-B6C2-640648C001D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "34EEA40F-CD68-4AE9-A305-402BFBEEA23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "40FFBCCC-3595-4148-A3CD-28FD390FB786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7722F1-D913-42A0-93EA-48140F47F221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16E26E04-71AA-4A00-B0EE-9A04A63ADBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4A413F4D-123A-4AA6-A097-9900F9B39817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4F03070D-C76A-4A31-AA0C-E32442EBE83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F2BE9083-C8DA-4CCB-AAA0-8E31A1C566D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.17:*:*:*:*:*:*:*",
"matchCriteriaId": "11FC77A2-E464-4832-ADCD-68D66E7CB29E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion."
},
{
"lang": "es",
"value": "PowerDNS anterior a la 2.9.18, cuando permite recursi\u00f3n en un rango restringido de direcciones IP, no maneja adecuadamente peticiones de clientes a los que se les deniega la recursi\u00f3n. Esto podr\u00eda causar un \"bank out\" de respuestas a aquellos clientes que s\u00ed les es permitido usar recursi\u00f3n."
}
],
"id": "CVE-2005-2302",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014504"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112155941310297\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-27 13:34
Modified
2025-04-03 01:03
Severity ?
Summary
The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1 | ||
| cve@mitre.org | http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html | ||
| cve@mitre.org | http://secunia.com/advisories/19831 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/20117 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/17711 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/1527 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/26100 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19831 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20117 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/17711 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1527 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26100 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:powerdns:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42F3A03F-FB24-445D-A477-9109D0110BF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets."
}
],
"id": "CVE-2006-2069",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-27T13:34:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1"
},
{
"source": "cve@mitre.org",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19831"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20117"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17711"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1527"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26100"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html | ||
| cve@mitre.org | http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en | ||
| cve@mitre.org | http://www.osvdb.org/25291 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/13729 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/25291 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13729 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | powerdns | * | |
| powerdns | powerdns | 2.0_rc1 | |
| powerdns | powerdns | 2.8 | |
| powerdns | powerdns | 2.9.0 | |
| powerdns | powerdns | 2.9.1 | |
| powerdns | powerdns | 2.9.2 | |
| powerdns | powerdns | 2.9.3a | |
| powerdns | powerdns | 2.9.4 | |
| powerdns | powerdns | 2.9.5 | |
| powerdns | powerdns | 2.9.6 | |
| powerdns | powerdns | 2.9.7 | |
| powerdns | powerdns | 2.9.8 | |
| powerdns | powerdns | 2.9.10 | |
| powerdns | powerdns | 2.9.11 | |
| powerdns | powerdns | 2.9.12 | |
| powerdns | powerdns | 2.9.13 | |
| powerdns | powerdns | 2.9.14 | |
| powerdns | powerdns | 2.9.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33D4F84E-71E7-4D95-B0FF-D7254322F3A3",
"versionEndIncluding": "2.9.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8A0122-81ED-4951-BE34-9E8240FD297C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC7BEE9-06FF-487D-B77D-5F05AA5C6324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E89A2-4993-4208-B67F-52B08A6F1BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B340CA64-2358-46E6-8F65-725B6ACE77D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADBB8B1-C732-49BA-9270-F5551A9E2D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "80C62126-2E61-4532-BFA2-D66FCCC8C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4472A3D7-8E17-4D80-AA2D-724C74EEF9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07CDE603-2A52-4C6F-B6A3-563D516BB4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3E5668-9B66-4C80-8C38-6FF01C342182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB793844-A30A-4F97-954B-690083E77430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B636157B-E627-4EF1-B6C2-640648C001D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "34EEA40F-CD68-4AE9-A305-402BFBEEA23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "40FFBCCC-3595-4148-A3CD-28FD390FB786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7722F1-D913-42A0-93EA-48140F47F221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16E26E04-71AA-4A00-B0EE-9A04A63ADBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4A413F4D-123A-4AA6-A097-9900F9B39817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4F03070D-C76A-4A31-AA0C-E32442EBE83B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop."
}
],
"id": "CVE-2005-0038",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25291"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13729"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-08 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://doc.powerdns.com/changelog.html | ||
| cve@mitre.org | http://doc.powerdns.com/powerdns-advisory-2008-02.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | ||
| cve@mitre.org | http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html | Patch | |
| cve@mitre.org | http://secunia.com/advisories/31401 | ||
| cve@mitre.org | http://secunia.com/advisories/31407 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31448 | ||
| cve@mitre.org | http://secunia.com/advisories/31687 | ||
| cve@mitre.org | http://secunia.com/advisories/33264 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200812-19.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/30587 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2320 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/44253 | ||
| cve@mitre.org | https://www.debian.org/security/2008/dsa-1628 | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://doc.powerdns.com/changelog.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://doc.powerdns.com/powerdns-advisory-2008-02.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31401 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31407 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31448 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31687 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33264 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200812-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30587 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2320 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/44253 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2008/dsa-1628 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | authoritative_server | * | |
| powerdns | powerdns | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25F615C5-BE99-4CAF-AE71-30A9B4CE747F",
"versionEndIncluding": "2.9.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF235AA-7A2C-4223-AB14-A30058546EF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217."
},
{
"lang": "es",
"value": "PowerDNS Authoritative Server versiones anteriores a 2.9.21.1 descarga peticiones malformadas, lo cual puede hacer m\u00e1s f\u00e1cil a atacantes remotos envenenar cach\u00e9s DNS de otros productos ejecut\u00e1ndose en otros servidores, una cuesti\u00f3n diferente a CVE-2008-1447 y CVE-2008-3217."
}
],
"id": "CVE-2008-3337",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-08T19:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"source": "cve@mitre.org",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31401"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31407"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31448"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31687"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33264"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2320"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.powerdns.com/changelog.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-02.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2008/dsa-1628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17 | ||
| cve@mitre.org | http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/12446 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/19221 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12446 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/19221 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8A0122-81ED-4951-BE34-9E8240FD297C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC7BEE9-06FF-487D-B77D-5F05AA5C6324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4F03070D-C76A-4A31-AA0C-E32442EBE83B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes."
},
{
"lang": "es",
"value": "El m\u00e9todo DNSPacket::expand en dnspacket.cc de PowerDNS anterior a la 2.9.17 permite a atacantes remotos causar la Denegaci\u00f3n de Servicios (DoS) mediante el env\u00edo de un flujo aleatorio de bytes."
}
],
"id": "CVE-2005-0428",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17"
},
{
"source": "cve@mitre.org",
"url": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12446"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ds9a.nl/cgi-bin/cvstrac/pdns/tktview?tn=21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19221"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-09 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://doc.powerdns.com/powerdns-advisory-2008-03.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html | ||
| cve@mitre.org | http://secunia.com/advisories/32979 | ||
| cve@mitre.org | http://secunia.com/advisories/33264 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200812-19.xml | ||
| cve@mitre.org | http://securitytracker.com/id?1021304 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/32627 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/47076 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://doc.powerdns.com/powerdns-advisory-2008-03.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32979 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33264 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200812-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1021304 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32627 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/47076 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| powerdns | powerdns | * | |
| powerdns | powerdns | 1.99.1 | |
| powerdns | powerdns | 1.99.2 | |
| powerdns | powerdns | 1.99.3 | |
| powerdns | powerdns | 1.99.4 | |
| powerdns | powerdns | 1.99.5 | |
| powerdns | powerdns | 1.99.6 | |
| powerdns | powerdns | 1.99.7 | |
| powerdns | powerdns | 1.99.8 | |
| powerdns | powerdns | 1.99.9 | |
| powerdns | powerdns | 1.99.10 | |
| powerdns | powerdns | 1.99.11 | |
| powerdns | powerdns | 1.99.12 | |
| powerdns | powerdns | 2.0 | |
| powerdns | powerdns | 2.0 | |
| powerdns | powerdns | 2.0 | |
| powerdns | powerdns | 2.0.1 | |
| powerdns | powerdns | 2.1 | |
| powerdns | powerdns | 2.2 | |
| powerdns | powerdns | 2.3 | |
| powerdns | powerdns | 2.4 | |
| powerdns | powerdns | 2.5 | |
| powerdns | powerdns | 2.5.1 | |
| powerdns | powerdns | 2.6 | |
| powerdns | powerdns | 2.8 | |
| powerdns | powerdns | 2.9.0 | |
| powerdns | powerdns | 2.9.1 | |
| powerdns | powerdns | 2.9.2 | |
| powerdns | powerdns | 2.9.3a | |
| powerdns | powerdns | 2.9.4 | |
| powerdns | powerdns | 2.9.5 | |
| powerdns | powerdns | 2.9.6 | |
| powerdns | powerdns | 2.9.7 | |
| powerdns | powerdns | 2.9.8 | |
| powerdns | powerdns | 2.9.10 | |
| powerdns | powerdns | 2.9.11 | |
| powerdns | powerdns | 2.9.12 | |
| powerdns | powerdns | 2.9.13 | |
| powerdns | powerdns | 2.9.14 | |
| powerdns | powerdns | 2.9.15 | |
| powerdns | powerdns | 2.9.16 | |
| powerdns | powerdns | 2.9.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD2312B-4B45-4615-A04B-371E899E7687",
"versionEndIncluding": "2.9.21.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9593BDE-0312-4974-9BB0-9F36A2E322CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC86997B-563C-45A1-A00E-4BA528399045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.3:*:*:*:*:*:*:*",
"matchCriteriaId": "302D8930-8978-4F96-8567-FFE729DE090B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7220C466-C380-44D1-9F34-14CE6F6C74B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B6317C-4432-4B00-A9A4-2E4E3616CD46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1E7C15-C860-45EB-9765-1A0314B00E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A24A144D-DD9C-41AA-8813-520BD32BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8F9E1D-324A-4AF1-A4CC-BB1878AC651D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A076AC5F-2F6C-41B1-9ACB-EF449AE889D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1D72865C-E4EE-414E-B503-6613AE806E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.11:*:*:*:*:*:*:*",
"matchCriteriaId": "165B5D82-A9B1-4FD0-9D2E-936E9F17AB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:1.99.12:*:*:*:*:*:*:*",
"matchCriteriaId": "22CC81DB-C4D8-41E8-913D-A7AE7E944295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04B35FA9-6D67-4A72-AD4D-7DB55ABB316A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "53BFFA37-2992-4E2B-84C5-074AC5884B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "57A9CD23-6152-4C37-968B-3026E08075A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F54E488-7932-427D-A22A-BA49615CF49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE78107-A82E-442F-B6B6-0EBE631C7536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD20EBB-7FF5-4355-ADF8-0967BFE20BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC92BD1B-DCB7-4DB1-9B1B-6E71E04B5FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3855CD77-D3BB-4A0A-B442-EFDEB0990AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0983B0D7-07B0-4090-BCFF-244E023B38D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "058AF85E-5FF5-4FBD-8BEF-F7B227CE6BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D141A8D1-C9A0-450A-827A-A956B8D20A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC7BEE9-06FF-487D-B77D-5F05AA5C6324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E89A2-4993-4208-B67F-52B08A6F1BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B340CA64-2358-46E6-8F65-725B6ACE77D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADBB8B1-C732-49BA-9270-F5551A9E2D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "80C62126-2E61-4532-BFA2-D66FCCC8C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4472A3D7-8E17-4D80-AA2D-724C74EEF9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "07CDE603-2A52-4C6F-B6A3-563D516BB4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3E5668-9B66-4C80-8C38-6FF01C342182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB793844-A30A-4F97-954B-690083E77430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B636157B-E627-4EF1-B6C2-640648C001D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "34EEA40F-CD68-4AE9-A305-402BFBEEA23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "40FFBCCC-3595-4148-A3CD-28FD390FB786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7722F1-D913-42A0-93EA-48140F47F221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16E26E04-71AA-4A00-B0EE-9A04A63ADBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4A413F4D-123A-4AA6-A097-9900F9B39817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4F03070D-C76A-4A31-AA0C-E32442EBE83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F2BE9083-C8DA-4CCB-AAA0-8E31A1C566D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:powerdns:powerdns:2.9.17:*:*:*:*:*:*:*",
"matchCriteriaId": "11FC77A2-E464-4832-ADCD-68D66E7CB29E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query."
},
{
"lang": "es",
"value": "PowerDNS y versiones anteriores a 2.9.21.2 permite a los atacantes remotos causar una denegaci\u00f3n de servicios (ca\u00edda del daemon) a trav\u00e9s de una petici\u00f3n CH HINFO."
}
],
"id": "CVE-2008-5277",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-09T00:30:00.317",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-03.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32979"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33264"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021304"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32627"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.powerdns.com/powerdns-advisory-2008-03.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200812-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}