 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.118454 |
| Category: | Denial of Service |
| Title: | PowerDNS Recursor DoS Vulnerability (2023-01) |
| Summary: | PowerDNS Recursor is prone to a denial of service (DoS); vulnerability. |
| Description: | Summary: PowerDNS Recursor is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: An issue in the processing of queries for misconfigured domains has been found in PowerDNS Recursor 4.8.0, allowing a remote attacker to crash the recursor by sending a DNS query for one of these domains. The issue happens because the recursor enters an unbounded loop, exceeding its stack memory. Because of the specific way in which this issue happens, the vendor does not believe this issue to be exploitable for code execution. Note: PowerDNS Recursor versions before 4.8.0 are not affected. Note that when the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a crash will lead to an automatic restart, limiting the impact to a somewhat degraded service. Affected Software/OS: PowerDNS Recursor version 4.8.0. Solution: Update to version 4.8.1 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-22617 https://docs.powerdns.com/recursor/security-advisories/ http://www.openwall.com/lists/oss-security/2023/01/20/1 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |