CVE-2024-25583

CVE-2024-25583

Name

CVE-2024-25583

Description

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security@open-xchange.com	https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html
security@open-xchange.com	http://www.openwall.com/lists/oss-security/2024/04/24/1

Type

URI

security@open-xchange.com

https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html

security@open-xchange.com

http://www.openwall.com/lists/oss-security/2024/04/24/1

Source package	Min version	Max version
recursor	== 4.8.7	== 4.8.7
recursor	== 4.9.4	== 4.9.4
recursor	== 5.0.3	== 5.0.3

CPE URI

Source package

Min version

Max version

recursor

== 4.8.7

recursor

== 4.9.4

recursor

== 5.0.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
pdns-recursor	edge-community	5.0.4-r0	Peter van Dijk <peter.van.dijk@powerdns.com>	fixed
pdns-recursor	3.22-community	5.0.4-r0	None	fixed
pdns-recursor	3.21-community	5.0.4-r0	None	fixed
pdns-recursor	3.20-community	5.0.4-r0	None	fixed
pdns-recursor	3.19-community	4.9.5-r0	Peter van Dijk <peter.van.dijk@powerdns.com>	fixed

Source package

Branch

Version

Maintainer

Status

pdns-recursor

edge-community

5.0.4-r0

Peter van Dijk <peter.van.dijk@powerdns.com>

fixed

pdns-recursor

3.22-community