Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1
purl pkg:deb/debian/pdns-recursor@5.2.9-0%2Bdeb13u1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (9)
Vulnerability Summary Aliases
VCID-26wf-1bqp-sbff If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. CVE-2026-33601
VCID-5afe-ws96-nqh9 By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. CVE-2026-33258
VCID-anab-r9ty-1yh1 An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. CVE-2026-33600
VCID-chzq-qej6-rkdq An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. CVE-2026-33257
VCID-k3re-ss39-zugm An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default. CVE-2026-33262
VCID-mzne-k7ry-pubm Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider. CVE-2026-33259
VCID-pfhu-1qdf-p7d5 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. CVE-2026-33260
VCID-v9yz-hcqv-83gu A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. CVE-2026-33261
VCID-xasd-r2rc-2ufq An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. CVE-2026-33256

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-02T02:57:20.454332+00:00 Debian Importer Fixing VCID-pfhu-1qdf-p7d5 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T02:55:50.334240+00:00 Debian Importer Fixing VCID-mzne-k7ry-pubm https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T02:26:39.408488+00:00 Debian Importer Fixing VCID-anab-r9ty-1yh1 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-02T00:04:52.323232+00:00 Debian Importer Fixing VCID-26wf-1bqp-sbff https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:54:38.787824+00:00 Debian Importer Fixing VCID-k3re-ss39-zugm https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:41:43.297739+00:00 Debian Importer Fixing VCID-xasd-r2rc-2ufq https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:24:48.253733+00:00 Debian Importer Fixing VCID-5afe-ws96-nqh9 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:15:29.596612+00:00 Debian Importer Fixing VCID-v9yz-hcqv-83gu https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T22:06:38.368611+00:00 Debian Importer Fixing VCID-chzq-qej6-rkdq https://security-tracker.debian.org/tracker/data/json 38.6.0