Kees Monshouwer

**Name of the Vulnerable Software and Affected Versions** PowerDNS Authoritative Server versions 4.1.0 through 4.1.4 PowerDNS Recursor versions 4.0.0 through 4.1.4 **Description** The issue allows for packet cache pollution via a crafted query, potentially leading to denial of service. **Recommendations** For PowerDNS Authoritative Server versions 4.1.0 through 4.1.4, update to a version that includes the fix for this issue. For PowerDNS Recursor versions 4.0.0 through 4.1.4, update to a version that includes the fix for this issue.

Name of the Vulnerable Software and Affected Versions: PowerDNS Recursor versions 4.0.0 through 4.0.6 Description: The issue is related to the DNSSEC validation component, where signatures might be accepted as valid even if the signed data is not in the bailiwick of the DNSKEY used to sign it. This could allow an attacker in a man-in-the-middle position to alter record content by issuing a valid signature for crafted records. Recommendations: For PowerDNS Recursor versions 4.0.0 through 4.0.6, update to a version that includes the fix for this issue to prevent potential exploitation.