{"url":"http://public2.vulnerablecode.io/api/packages/4910?format=json","purl":"pkg:deb/debian/pdns@3.3.1-3~bpo70%2B1","type":"deb","namespace":"debian","name":"pdns","version":"3.3.1-3~bpo70+1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.6-3+deb10u1","latest_non_vulnerable_version":"4.1.6-3+deb10u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97701?format=json","vulnerability_id":"VCID-gfwm-fnp9-d7e1","summary":"PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5426","reference_id":"","reference_type":"","scores":[{"value":"0.3697","scoring_system":"epss","scoring_elements":"0.97243","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"}],"aliases":["CVE-2016-5426"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfwm-fnp9-d7e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97700?format=json","vulnerability_id":"VCID-hp38-vkna-xbbf","summary":"An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2120","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32125","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"}],"aliases":["CVE-2016-2120"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hp38-vkna-xbbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97702?format=json","vulnerability_id":"VCID-n5n2-xvth-uqd5","summary":"PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5427","reference_id":"","reference_type":"","scores":[{"value":"0.85547","scoring_system":"epss","scoring_elements":"0.99385","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"}],"aliases":["CVE-2016-5427"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5n2-xvth-uqd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6108?format=json","vulnerability_id":"VCID-n8kr-mt65-13gj","summary":"insufficient validation","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3871","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07747","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3871"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924966","reference_id":"924966","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924966"},{"reference_url":"https://security.archlinux.org/ASA-201903-13","reference_id":"ASA-201903-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-13"},{"reference_url":"https://security.archlinux.org/AVG-927","reference_id":"AVG-927","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-927"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4917?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1%252Bdeb9u5"},{"url":"http://public2.vulnerablecode.io/api/packages/6030?format=json","purl":"pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1"}],"aliases":["CVE-2019-3871"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8kr-mt65-13gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97703?format=json","vulnerability_id":"VCID-pn7j-7cbx-wbhj","summary":"PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6172","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05384","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830808","reference_id":"830808","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830808"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"}],"aliases":["CVE-2016-6172"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pn7j-7cbx-wbhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6304?format=json","vulnerability_id":"VCID-qg7g-sudd-hue1","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1046","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00072","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1046"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1046","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1046"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898255","reference_id":"898255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898255"},{"reference_url":"https://security.archlinux.org/ASA-201805-1","reference_id":"ASA-201805-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-1"},{"reference_url":"https://security.archlinux.org/AVG-686","reference_id":"AVG-686","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-686"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6030?format=json","purl":"pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1"}],"aliases":["CVE-2018-1046"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qg7g-sudd-hue1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97699?format=json","vulnerability_id":"VCID-tmg6-gqrq-2uc9","summary":"The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00478","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"}],"aliases":["CVE-2015-5470"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmg6-gqrq-2uc9"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.3.1-3~bpo70%252B1"}