Insufficient Validation in PowerDNS Authoritative Server and Recursor
CVE-2022-27227

7.5HIGH

Key Information:

Vendor
Powerdns
Status
Recursor
Authoritative Server
Vendor
CVE Published:
25 March 2022

Summary

In specific versions of PowerDNS Authoritative Server and Recursor, an issue exists where insufficient validation of an IXFR end condition results in incomplete zone transfers being erroneously treated as successful. This flaw can lead administrators to believe that their DNS configurations have been transferred accurately, which may cause significant problems in DNS management and operational integrity.

References

https://docs.powerdns.com/recursor/security-advisories/in...
x_refsource_MISC
https://doc.powerdns.com/authoritative/security-advisorie...
x_refsource_MISC
https://docs.powerdns.com/recursor/security-advisories/po...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.