<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Peter van Dijk <peter.van.dijk () powerdns com>
Date: Wed, 24 Apr 2024 12:37:56 +0200
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Dear user,
Please find below a security advisory, relating to PowerDNS Recursor
4.8.7, 4.9.4 and 5.0.3 only.
When using recursive forwarding, a crafted response from an upstream
server can cause a Denial of Service in the Recursor.
=========================================================================
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of service in Recursor
CVE: CVE-2024-25583
Date: 24th of April 2024.
Affects: PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3, earlier versions
are not affected
Not affected: PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4
Severity: High (only when using recursive forwarding)
Impact: Denial of service
Exploit: This problem can be triggered by an attacker publishing a crafted zone
Risk of system compromise: None
Solution: Upgrade to patched version
When using recursive forwarding, a crafted response from an upstream
server can cause a Denial of Service in the Recursor. The default
configuration of the Recursor does not use recursive forwarding and is
not affected.
CVSS Score: 7.5, only for configurations using recursive forwarding, see
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1
The remedy is to update to a patched version.
Attachment:
signature.asc
Description: This is a digitally signed message part
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor Peter van Dijk (Apr 24)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->