Search for packages
| purl | pkg:deb/debian/pdns-recursor@4.4.2-3 |
| Next non-vulnerable version | 5.2.8-0+deb13u1 |
| Latest non-vulnerable version | 5.2.8-0+deb13u1 |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2ugc-uygs-hqb8
Aliases: CVE-2025-59024 |
Crafted delegations or IP fragments can poison cached delegations in Recursor. |
Affected by 0 other vulnerabilities. |
|
VCID-66sa-bc5p-jqde
Aliases: CVE-2023-50387 |
Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service. |
Affected by 6 other vulnerabilities. |
|
VCID-7dc3-qdk8-k7b2
Aliases: CVE-2022-27227 |
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. |
Affected by 6 other vulnerabilities. |
|
VCID-8tar-s444-zfac
Aliases: CVE-2022-37428 |
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. |
Affected by 6 other vulnerabilities. |
|
VCID-cdzz-8tc8-jucu
Aliases: CVE-2025-59023 |
Crafted delegations or IP fragments can poison cached delegations in Recursor. |
Affected by 0 other vulnerabilities. |
|
VCID-m445-c6a1-uugf
Aliases: CVE-2026-0398 |
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. |
Affected by 0 other vulnerabilities. |
|
VCID-mkcs-362g-t7aq
Aliases: CVE-2023-26437 |
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3. |
Affected by 6 other vulnerabilities. |
|
VCID-pjbp-1jgm-s3cg
Aliases: CVE-2026-24027 |
Crafted zones can lead to increased incoming network traffic. |
Affected by 0 other vulnerabilities. |
|
VCID-umcq-ztbz-qfb2
Aliases: CVE-2025-59030 |
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP. |
Affected by 0 other vulnerabilities. |
|
VCID-vprj-j7u6-zbe7
Aliases: CVE-2023-50868 |
Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service. |
Affected by 6 other vulnerabilities. |
|
VCID-wmgd-z2j3-h7d9
Aliases: CVE-2024-25590 |
An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. |
Affected by 6 other vulnerabilities. |
|
VCID-wywf-pmyt-zud4
Aliases: CVE-2025-30192 |
An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-12cd-ky6m-qkdg | security update |
CVE-2020-12244
|
| VCID-3e3b-z5bh-pban | An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution. |
CVE-2020-10030
|
| VCID-htr2-rwgm-47ed | A vulnerability in PowerDNS Recursor could lead to a Denial of Service condition. |
CVE-2020-25829
|
| VCID-n2k6-nfxs-7ydj | security update |
CVE-2020-10995
|
| VCID-s6ds-tuus-n7hr | In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. |
CVE-2020-14196
|