The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
Max CVSS
5.0
EPSS Score
1.05%
Published
2005-12-31
Updated
2008-09-05
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
Max CVSS
5.0
EPSS Score
1.03%
Published
2005-05-02
Updated
2017-07-11
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
Max CVSS
5.0
EPSS Score
1.69%
Published
2005-07-19
Updated
2016-10-18
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
Max CVSS
2.1
EPSS Score
0.05%
Published
2005-07-19
Updated
2016-10-18
The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.
Max CVSS
5.0
EPSS Score
5.00%
Published
2006-04-27
Updated
2017-07-20
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Max CVSS
6.4
EPSS Score
0.67%
Published
2008-08-08
Updated
2017-08-08
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
Max CVSS
4.3
EPSS Score
0.52%
Published
2008-12-09
Updated
2017-08-08
7 vulnerabilities found