Search for packages
| purl | pkg:deb/debian/pdns-recursor@5.4.0-1 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-26wf-1bqp-sbff
Aliases: CVE-2026-33601 |
If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. |
Affected by 0 other vulnerabilities. |
|
VCID-5afe-ws96-nqh9
Aliases: CVE-2026-33258 |
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. |
Affected by 0 other vulnerabilities. |
|
VCID-anab-r9ty-1yh1
Aliases: CVE-2026-33600 |
An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. |
Affected by 0 other vulnerabilities. |
|
VCID-k3re-ss39-zugm
Aliases: CVE-2026-33262 |
An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default. |
Affected by 0 other vulnerabilities. |
|
VCID-mzne-k7ry-pubm
Aliases: CVE-2026-33259 |
Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider. |
Affected by 0 other vulnerabilities. |
|
VCID-v9yz-hcqv-83gu
Aliases: CVE-2026-33261 |
A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. |
Affected by 0 other vulnerabilities. |
|
VCID-xasd-r2rc-2ufq
Aliases: CVE-2026-33256 |
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-27T06:39:21.045000+00:00 | Debian Importer | Affected by | VCID-mzne-k7ry-pubm | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-27T05:58:05.351507+00:00 | Debian Importer | Affected by | VCID-v9yz-hcqv-83gu | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-27T03:51:44.739095+00:00 | Debian Importer | Affected by | VCID-anab-r9ty-1yh1 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-27T03:08:25.708809+00:00 | Debian Importer | Fixing | VCID-pfhu-1qdf-p7d5 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-27T02:25:57.207538+00:00 | Debian Importer | Affected by | VCID-5afe-ws96-nqh9 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-27T02:03:48.381160+00:00 | Debian Importer | Affected by | VCID-26wf-1bqp-sbff | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-27T00:34:32.403027+00:00 | Debian Importer | Affected by | VCID-k3re-ss39-zugm | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-27T00:12:40.446660+00:00 | Debian Importer | Affected by | VCID-xasd-r2rc-2ufq | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-26T23:48:07.190756+00:00 | Debian Importer | Fixing | VCID-chzq-qej6-rkdq | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |