An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an malicious user to bypass DNSSEC validation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
powerdns recursor |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
debian debian linux 10.0 |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |