Remote Code Execution Vulnerability in PowerDNS Recursor by PowerDNS
CVE-2023-22617

7.5HIGH

Key Information:

Vendor: Powerdns
Status: Recursor
Vendor: CVE Published:; 21 January 2023

What is CVE-2023-22617?

A vulnerability exists in PowerDNS Recursor 4.8.0 that allows a remote attacker to exploit a DNS query resulting in infinite recursion. This flaw arises due to QName minimization in QM fallback mode when retrieving DS records from misconfigured domains. The issue has been addressed in version 4.8.1, which mitigates the possibility of such exploits.

References

https://docs.powerdns.com/recursor/security-advisories/

http://www.openwall.com/lists/oss-security/2023/01/20/1

mailing-list

https://docs.powerdns.com/recursor/changelog/4.8.html#cha...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2023
Vulnerability Reserved
Jan 4, 2023

JSON

Powerdns

What is CVE-2023-22617?

References

CVSS V3.1

Timeline