Matt Nordhoff

**Name of the Vulnerable Software and Affected Versions** PowerDNS Recursor versions 4.1.0 through 4.3.0 **Description** The issue concerns a lack of proper validation in the SyncRes::processAnswer function for records in the answer section of a NXDOMAIN response that lacks an SOA. This allows an attacker to bypass DNSSEC validation. The vulnerability is related to insufficient input validation in the SyncRes::processAnswer function of the PowerDNS Recursor, which could allow a remote attacker to access confidential data. **Recommendations** For PowerDNS Recursor versions 4.1.0 through 4.3.0, consider updating to a version that includes a fix for the issue in the SyncRes::processAnswer function to prevent DNSSEC validation bypass. At the moment, there is no information about a newer version that contains a fix for this vulnerability.