CVE-2023-22617

Description

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.

Related CPE's

apowerdnsrecursor4.8.0*******

References

https://docs.powerdns.com/recursor/changelog/4.8.html#change-4.8.1

Release NotesVendor Advisory

https://docs.powerdns.com/recursor/security-advisories/

Vendor Advisory

[oss-security] 20230120 Security Advisory 2023-01 for PowerDNS Recursor 4.8.0 (CVE-2023-22617)

Mailing ListRelease NotesThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io