PT-2020-3620 · Powerdns+1 · Powerdns Recursor+1
Matt Nordhoff · Published 2020-05-19 · Updated 2024-06-15
CVE-2020-12244
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PowerDNS Recursor versions 4.1.0 through 4.3.0
Description
The SyncRes::processAnswer function in PowerDNS Recursor does not properly validate records in the answer section of an NXDOMAIN response that lacks an SOA record. This allows an attacker to bypass DNSSEC validation. Because of this insufficient input validation, a remote attacker could access confidential data.
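A detection-side check for the response shape named in the description (NXDOMAIN, answer records present, no SOA in the authority section), added here as an example; it is not PowerDNS code. The function name `nxdomain_answers_without_soa`, the helper names and the sample messages are assumptions constructed for illustration.

```python
import struct

RCODE_NXDOMAIN, TYPE_A, TYPE_SOA = 3, 1, 6

def _skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def _rr_types(msg, off, count):
    """Walk `count` resource records; return (their types, next offset)."""
    types = []
    for _ in range(count):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        types.append(rtype)
        off += 10 + rdlen
    return types, off

def nxdomain_answers_without_soa(msg):
    """True for an NXDOMAIN response carrying answer records but no SOA in authority."""
    try:
        _id, flags, qd, an, ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
        if not (flags & 0x8000) or (flags & 0x000F) != RCODE_NXDOMAIN:
            return False  # not a response, or not NXDOMAIN
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
        _answers, off = _rr_types(msg, off, an)
        authority, _ = _rr_types(msg, off, ns)
    except (struct.error, IndexError):
        return False  # truncated or malformed message: not classified here
    return an > 0 and TYPE_SOA not in authority

# Constructed sample messages (built here for the example, not captured traffic).
def _name(n):
    return b"".join(bytes([len(p)]) + p.encode() for p in n.split(".")) + b"\x00"

def _rr(name, rtype, rdata):
    return _name(name) + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata

def build_response(rcode, answers, authority):
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8000 | rcode, 1, len(answers), len(authority), 0)
    return hdr + _name("a.example") + struct.pack("!HH", TYPE_A, 1) + b"".join(answers) + b"".join(authority)

A_RR = _rr("a.example", TYPE_A, bytes([192, 0, 2, 1]))
SOA_RR = _rr("example", TYPE_SOA, _name("ns.example") + _name("h.example") + struct.pack("!5I", 1, 2, 3, 4, 5))
```

Run over responses seen upstream of a recursor in the affected range, a match marks a message worth reviewing; it is a heuristic on message shape and does not perform DNSSEC validation.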
Recommendations
For PowerDNS Recursor versions 4.1.0 through 4.3.0, consider updating to a version that includes a fix for the issue in the SyncRes::processAnswer function to prevent DNSSEC validation bypass.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Verification of Cryptographic Signature
RCE
Related Identifiers
Affected Products
Powerdns Recursor
Suse