DNSSEC Bypass Vulnerability in PowerDNS Recursor by PowerDNS
CVE-2020-12244

7.5HIGH

Key Information:

Vendor: Powerdns
Status: Recursor
Vendor: CVE Published:; 19 May 2020

What is CVE-2020-12244?

A vulnerability was identified in PowerDNS Recursor versions 4.1.0 to 4.3.0 that allows an attacker to bypass DNSSEC validation. This occurs when records in the answer section of a NXDOMAIN response, which lack an SOA, are not properly validated within the SyncRes::processAnswer function. This flaw raises concerns for users relying on DNSSEC for protection, as it permits malicious actors to execute DNS spoofing attacks, compromising the integrity of DNS responses.