VulnerableCode Package Details - pkg:deb/debian/pdns-recursor@4.1.7-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4c2u-n7p5-nfg4	PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.	CVE-2018-14626
VCID-9p7x-52ad-vbh6	An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.	CVE-2018-14644
VCID-ch2d-p2ru-23ex	PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.	CVE-2018-10851

Vulnerability

Summary

Aliases

VCID-4c2u-n7p5-nfg4

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.

CVE-2018-14626

VCID-9p7x-52ad-vbh6

An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.

CVE-2018-14644

VCID-ch2d-p2ru-23ex

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

CVE-2018-10851

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:28:20.243647+00:00	Debian Importer	Fixing	VCID-4c2u-n7p5-nfg4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:59:16.224903+00:00	Debian Importer	Fixing	VCID-9p7x-52ad-vbh6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:53:08.052504+00:00	Debian Importer	Fixing	VCID-ch2d-p2ru-23ex	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:32:19.027891+00:00	Debian Importer	Fixing	VCID-4c2u-n7p5-nfg4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:27:18.335566+00:00	Debian Importer	Fixing	VCID-9p7x-52ad-vbh6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:36:44.929589+00:00	Debian Importer	Fixing	VCID-ch2d-p2ru-23ex	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:29.693197+00:00	Debian Importer	Fixing	VCID-9p7x-52ad-vbh6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:29.645328+00:00	Debian Importer	Fixing	VCID-4c2u-n7p5-nfg4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:29.597590+00:00	Debian Importer	Fixing	VCID-ch2d-p2ru-23ex	https://security-tracker.debian.org/tracker/data/json	38.1.0