PT-2022-18313 · Powerdns+5 · Powerdns Authoritative Server+6
Dmitry Shabanov +1
Published: 2022-01-18
Updated: 2025-01-14
CVE-2022-27227
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
PowerDNS Authoritative Server versions 4.4.2 and earlier, 4.5.x before 4.5.4, 4.6.x before 4.6.1
PowerDNS Recursor versions 4.4.7 and earlier, 4.5.x before 4.5.8, 4.6.x before 4.6.1
Description
The issue is caused by insufficient validation of an IXFR end condition, leading to incomplete zone transfers being handled as successful transfers.
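What a receiver has to see before it treats an IXFR answer as finished, following the response layout in RFC 1995. This is an added example, not PowerDNS code or its patch; `classify_ixfr`, `IncompleteTransfer` and the `(rtype, serial)` tuples are hypothetical names and a constructed simplification of real DNS records.

```python
class IncompleteTransfer(Exception):
    """The record stream is not a whole IXFR answer."""


def classify_ixfr(records):
    """Return 'single-soa', 'full-zone' or 'incremental', or raise.

    records: (rtype, serial) tuples in wire order, serial None for non-SOA
    records. This tuple form is a constructed simplification.
    """
    if not records or records[0][0] != "SOA":
        raise IncompleteTransfer("answer must open with the server's SOA")
    target = records[0][1]
    if len(records) == 1:
        return "single-soa"  # no differences to apply
    if records[1][0] != "SOA":
        # Full-zone form: it must close with the SOA it opened with.
        if records[-1] != ("SOA", target):
            raise IncompleteTransfer("full-zone answer lacks its closing SOA")
        return "full-zone"
    # Incremental form: records[1] is the old SOA that opens the first deletions.
    state, newest = "deleting", None
    for rtype, serial in records[2:]:
        if state == "done":
            raise IncompleteTransfer("records follow the closing SOA")
        if rtype != "SOA":
            continue
        if state == "deleting":
            state, newest = "adding", serial  # SOA that opens the additions
        elif serial != newest:
            raise IncompleteTransfer("difference sequences do not chain")
        elif serial == target:
            state = "done"  # closing copy of the server's SOA
        else:
            state = "deleting"  # old SOA of the next difference sequence
    if state != "done":
        raise IncompleteTransfer(f"stream ended while {state}")
    return "incremental"


# Constructed sample: a secondary at serial 1 catching up to serial 3.
SAMPLE = [("SOA", 3), ("SOA", 1), ("A", None), ("SOA", 2), ("AAAA", None),
          ("SOA", 2), ("AAAA", None), ("SOA", 3), ("MX", None), ("SOA", 3)]

if __name__ == "__main__":
    print(classify_ixfr(SAMPLE))
    for cut in range(2, len(SAMPLE)):
        try:
            classify_ixfr(SAMPLE[:cut])
        except IncompleteTransfer as exc:
            print(f"first {cut} records rejected: {exc}")
```

Every truncation of the sample that stops before the closing SOA is rejected, so a partial stream is never applied to the zone as if it were a successful transfer.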
Recommendations
For PowerDNS Authoritative Server versions 4.4.2 and earlier, update to version 4.4.3 or later.
For PowerDNS Authoritative Server versions 4.5.x before 4.5.4, update to version 4.5.4 or later.
For PowerDNS Authoritative Server versions 4.6.x before 4.6.1, update to version 4.6.1 or later.
For PowerDNS Recursor versions 4.4.7 and earlier, update to version 4.4.8 or later.
For PowerDNS Recursor versions 4.5.x before 4.5.8, update to version 4.5.8 or later.
For PowerDNS Recursor versions 4.6.x before 4.6.1, update to version 4.6.1 or later.
Affected Products
Alt Linux
Debian
Linuxmint
Powerdns Authoritative Server
Powerdns Recursor
Suse
Ubuntu