VulnerableCode Package Details - pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2ugc-uygs-hqb8	Crafted delegations or IP fragments can poison cached delegations in Recursor.	CVE-2025-59024
VCID-cdzz-8tc8-jucu	Crafted delegations or IP fragments can poison cached delegations in Recursor.	CVE-2025-59023
VCID-m445-c6a1-uugf	Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.	CVE-2026-0398
VCID-pjbp-1jgm-s3cg	Crafted zones can lead to increased incoming network traffic.	CVE-2026-24027
VCID-umcq-ztbz-qfb2	An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.	CVE-2025-59030
VCID-wywf-pmyt-zud4	An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.	CVE-2025-30192

Vulnerability

Summary

Aliases

VCID-2ugc-uygs-hqb8

Crafted delegations or IP fragments can poison cached delegations in Recursor.

CVE-2025-59024

VCID-cdzz-8tc8-jucu

Crafted delegations or IP fragments can poison cached delegations in Recursor.

CVE-2025-59023

VCID-m445-c6a1-uugf

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.

CVE-2026-0398

VCID-pjbp-1jgm-s3cg

Crafted zones can lead to increased incoming network traffic.

CVE-2026-24027

VCID-umcq-ztbz-qfb2

An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.

CVE-2025-59030

VCID-wywf-pmyt-zud4

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.

CVE-2025-30192

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:42:18.302586+00:00	Debian Importer	Fixing	VCID-wywf-pmyt-zud4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:32:59.639672+00:00	Debian Importer	Fixing	VCID-cdzz-8tc8-jucu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:30:44.423667+00:00	Debian Importer	Fixing	VCID-pjbp-1jgm-s3cg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:55:57.152773+00:00	Debian Importer	Fixing	VCID-umcq-ztbz-qfb2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:43:09.449524+00:00	Debian Importer	Fixing	VCID-m445-c6a1-uugf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:30:45.882152+00:00	Debian Importer	Fixing	VCID-2ugc-uygs-hqb8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:42:34.659705+00:00	Debian Importer	Fixing	VCID-wywf-pmyt-zud4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:52:22.951649+00:00	Debian Importer	Fixing	VCID-cdzz-8tc8-jucu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:50:48.107792+00:00	Debian Importer	Fixing	VCID-pjbp-1jgm-s3cg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:24:42.909979+00:00	Debian Importer	Fixing	VCID-umcq-ztbz-qfb2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:58.126616+00:00	Debian Importer	Fixing	VCID-m445-c6a1-uugf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:05:49.004222+00:00	Debian Importer	Fixing	VCID-2ugc-uygs-hqb8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T19:48:00.979804+00:00	Debian Importer	Fixing	VCID-wywf-pmyt-zud4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:14:19.510536+00:00	Debian Importer	Fixing	VCID-cdzz-8tc8-jucu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:13:16.329512+00:00	Debian Importer	Fixing	VCID-pjbp-1jgm-s3cg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:55:30.730409+00:00	Debian Importer	Fixing	VCID-umcq-ztbz-qfb2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:49:07.867188+00:00	Debian Importer	Fixing	VCID-m445-c6a1-uugf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:42:52.912812+00:00	Debian Importer	Fixing	VCID-2ugc-uygs-hqb8	https://security-tracker.debian.org/tracker/data/json	38.1.0