CVE-2020-10995

Published: 19/05/2020 Updated: 26/05/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue has been found in PowerDNS Recursor prior to 4.3.1 and 4.2.2. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. The effect was already limited in PowerDNS Recursor because of existing mitigations, but additional mitigations relative to this specific attack have been added.

Affected Products

Vendor | Product | Versions
Powerdns | Recursor | 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.3.0

Vendor Advisories

Arch Linux Security Advisory ASA-202005-10
==========================================
Severity: Medium
Date    : 2020-05-19
CVE-ID  : CVE-2020-10995 CVE-2020-12244
Package : powerdns-recursor
Type    : multiple issues
Remote  : Yes
Link    : security.archlinux.org/AVG-1163

Summary
=======
The package powerdns-recursor before version 42 ...

An issue has been found in PowerDNS Recursor before 4.3.1 and 4.2.2. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other ...

Mailing Lists

Hello!,

Today we are releasing PowerDNS Recursor 4.3.1, 4.2.2 and 4.1.16, containing security fixes for three CVEs:

- CVE-2020-10995[1]
- CVE-2020-12244[2]
- CVE-2020-10030[3]

The issues are:

CVE-2020-10995: An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritati ...