pkg:Debian/pdns-recursor
74 total CVEsCRITICAL1HIGH33MEDIUM21LOW1
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2019-3807An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from aut…from 0, < 4.1.9-1
- from 0, < 4.3.1-1
- from 0
- from 0, < 5.2.6-0+deb13u1
- HIGH8.1CVE-2019-3806An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received…from 0, < 4.1.9-1
- HIGH7.5CVE-2026-33260An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service.from 0
- HIGH7.5CVE-2026-33258By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.from 0
- HIGH7.5CVE-2026-33257An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service.from 0
- HIGH7.5CVE-2026-33256An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service.from 0
- from 0
- from 0, < 5.2.7-0+deb13u1
- HIGH7.5CVE-2025-30192An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries.from 0
- from 0, < 5.2.1-1
- from 0
- from 0, < 4.8.8-1+deb12u1
- from 0, < 4.8.8-1
- from 0, < 4.8.8-1
- HIGH7.5CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a de…from 0
- from 0, < 4.8.6-1
- from 0
- HIGH7.5CVE-2023-22617A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misc…from 0, < 4.8.1-1
- HIGH7.5CVE-2022-27227In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before…from 0
- HIGH7.5CVE-2020-25829An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5.from 0, < 4.3.5-1
- from 0, < 4.3.1-1
- from 0, < 4.1.11-1+deb10u1
- HIGH7.5CVE-2020-12244An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA…from 0, < 4.3.1-1
- HIGH7.5CVE-2018-16855An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds…from 0, < 4.1.8-1
- HIGH7.5CVE-2018-14626PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cach…from 0, < 4.1.7-1
- HIGH7.5CVE-2018-10851PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9,…from 0, < 4.1.7-1
- from 0, < 3.3-3+deb7u2
- from 0, < 3.6.2-2+deb8u3
- from 0, < 4.0.4-1
- from 0, < 4.1.0-1
- from 0, < 4.0.4-1+deb9u3
- MEDIUM6.5CVE-2025-59024Crafted delegations or IP fragments can poison cached delegations in Recursor.from 0
- MEDIUM6.5CVE-2022-37428PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exceptio…from 0
- MEDIUM6.1CVE-2017-15092A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname…from 0, < 4.0.7-1
- MEDIUM5.9CVE-2026-33262An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of se…from 0
- MEDIUM5.9CVE-2026-33261A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.from 0
- MEDIUM5.9CVE-2018-14644An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4.from 0, < 4.1.7-1
- MEDIUM5.9CVE-2016-7074An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in…from 0, < 4.0.4-1
- MEDIUM5.9CVE-2016-7073An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in…from 0, < 4.0.4-1
- MEDIUM5.9CVE-2017-15094An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when…from 0, < 4.0.7-1
- MEDIUM5.9CVE-2017-15090An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatu…from 0, < 4.0.7-1
- from 0
- from 0, < 5.2.8-0+deb13u1
- from 0
- MEDIUM5.3CVE-2025-59029An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, the…from 0, < 5.3.3-1
- MEDIUM5.3CVE-2023-26437Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: thr…from 0
- from 0, < 4.3.2-1
- from 0, < 4.1.11-1+deb10u2
- MEDIUM5.3CVE-2017-15093When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0…from 0, < 4.0.7-1
- MEDIUM5.0CVE-2026-33259Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor.from 0
- MEDIUM4.9CVE-2026-33601If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer derefe…from 0
- MEDIUM4.9CVE-2026-33600An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading…from 0
- LOW3.7CVE-2018-1000003Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to de…from 0, < 4.1.1-1
- from 0, < 3.6.2-2+deb8u2
- from 0, < 3.7.3-1
- —CVE-2015-1868The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Serve…from 0, < 3.7.2-1
- from 0, < 3.6.2-1
- from 0, < 3.3-3+deb7u1
- from 0, < 3.2-4+deb6u1
- —CVE-2014-3614Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service…from 0, < 3.6.1-1
- from 0, < 3.1.4+v3.1.7-0+etch1
- from 0, < 3.1.7.2-1
- from 0, < 3.1.7-1+lenny1
- from 0, < 3.1.7.2-1
- —CVE-2008-3217PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier f…from 0, < 3.1.7-1
- from 0, < 3.1.4-1+etch2
- from 0, < 3.1.7-1
- from 0, < 3.1.4-1+etch1
- —CVE-2006-4252PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a…from 0, < 3.1.4-1
- from 0, < 3.1.4-1
- —CVE-2006-2069The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.from 0, < 3.0.1-1