VulnerableCode Package Details - pkg:alpm/archlinux/powerdns-recursor@4.1.4-3

Search for packages

Vulnerability	Summary	Fixed by
VCID-4c2u-n7p5-nfg4 Aliases: CVE-2018-14626	PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.	4.1.5-1 Affected by 0 other vulnerabilities.
VCID-9p7x-52ad-vbh6 Aliases: CVE-2018-14644	An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.	4.1.5-1 Affected by 0 other vulnerabilities.
VCID-ch2d-p2ru-23ex Aliases: CVE-2018-10851	PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.	4.1.5-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4c2u-n7p5-nfg4
Aliases:
CVE-2018-14626

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.

4.1.5-1
Affected by 0 other vulnerabilities.

VCID-9p7x-52ad-vbh6
Aliases:
CVE-2018-14644

An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.

4.1.5-1
Affected by 0 other vulnerabilities.

VCID-ch2d-p2ru-23ex
Aliases:
CVE-2018-10851

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

4.1.5-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T05:35:35.465687+00:00	Arch Linux Importer	Affected by	VCID-ch2d-p2ru-23ex	https://security.archlinux.org/AVG-805	38.1.0
2026-04-06T05:35:35.441417+00:00	Arch Linux Importer	Affected by	VCID-4c2u-n7p5-nfg4	https://security.archlinux.org/AVG-805	38.1.0
2026-04-06T05:35:35.416604+00:00	Arch Linux Importer	Affected by	VCID-9p7x-52ad-vbh6	https://security.archlinux.org/AVG-805	38.1.0
2026-04-01T18:27:03.880849+00:00	Arch Linux Importer	Affected by	VCID-ch2d-p2ru-23ex	https://security.archlinux.org/AVG-805	38.0.0
2026-04-01T18:27:03.856306+00:00	Arch Linux Importer	Affected by	VCID-4c2u-n7p5-nfg4	https://security.archlinux.org/AVG-805	38.0.0
2026-04-01T18:27:03.830166+00:00	Arch Linux Importer	Affected by	VCID-9p7x-52ad-vbh6	https://security.archlinux.org/AVG-805	38.0.0