PT-2023-18588 · PowerDNS · PowerDNS Recursor
Published: 2023-01-21 · Updated: 2024-06-15 · CVE-2023-22617
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
PowerDNS Recursor version 4.8.0
Description
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode.
Recommendations
For PowerDNS Recursor version 4.8.0, update to version 4.8.1 to resolve the issue. As a temporary workaround, consider restricting DNS queries for misconfigured domains to minimize the risk of exploitation.
Fix
Uncontrolled Recursion
Weakness Enumeration
Related Identifiers
Affected Products
PowerDNS Recursor