Search for packages
| purl | pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1 |
| Next non-vulnerable version | 5.2.8-0+deb13u1 |
| Latest non-vulnerable version | 5.2.8-0+deb13u1 |
| Risk | 2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2ugc-uygs-hqb8
Aliases: CVE-2025-59024 |
Crafted delegations or IP fragments can poison cached delegations in Recursor. |
Affected by 0 other vulnerabilities. |
|
VCID-cdzz-8tc8-jucu
Aliases: CVE-2025-59023 |
Crafted delegations or IP fragments can poison cached delegations in Recursor. |
Affected by 0 other vulnerabilities. |
|
VCID-m445-c6a1-uugf
Aliases: CVE-2026-0398 |
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. |
Affected by 0 other vulnerabilities. |
|
VCID-pjbp-1jgm-s3cg
Aliases: CVE-2026-24027 |
Crafted zones can lead to increased incoming network traffic. |
Affected by 0 other vulnerabilities. |
|
VCID-umcq-ztbz-qfb2
Aliases: CVE-2025-59030 |
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP. |
Affected by 0 other vulnerabilities. |
|
VCID-wywf-pmyt-zud4
Aliases: CVE-2025-30192 |
An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-66sa-bc5p-jqde | Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service. |
CVE-2023-50387
|
| VCID-7dc3-qdk8-k7b2 | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. |
CVE-2022-27227
|
| VCID-8tar-s444-zfac | PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. |
CVE-2022-37428
|
| VCID-mkcs-362g-t7aq | Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3. |
CVE-2023-26437
|
| VCID-vprj-j7u6-zbe7 | Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service. |
CVE-2023-50868
|
| VCID-wmgd-z2j3-h7d9 | An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. |
CVE-2024-25590
|