Wilco Baan

Name of the Vulnerable Software and Affected Versions: PowerDNS versions prior to 2.9.18 Description: The issue is related to PowerDNS running with an LDAP backend, where it does not properly escape LDAP queries. This allows remote attackers to cause a denial of service, resulting in the failure to answer LDAP questions, and possibly conduct an LDAP injection attack. Recommendations: For versions prior to 2.9.18, update to version 2.9.18 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: PowerDNS versions prior to 2.9.18 Description: The issue arises when PowerDNS is configured to allow recursion to a restricted range of IP addresses. In such cases, it fails to properly handle questions from clients that are denied recursion. This could lead to a situation where answers to those clients that are allowed to use recursion are "blanked out". Recommendations: For PowerDNS versions prior to 2.9.18, update to version 2.9.18 or later to resolve the issue.