Vulnerability Details : CVE-2022-27227
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
Products affected by CVE-2022-27227
- cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Threat overview for CVE-2022-27227
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2022-27227: 3,534
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2022-27227
- EPSS score: 0.30% (probability of exploitation activity in the next 30 days)
- Percentile: ~69% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-27227
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
References for CVE-2022-27227
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/
  [SECURITY] Fedora 36 Update: pdns-recursor-4.6.2-1.fc36 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/03/25/1
  oss-security - Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0 (Mailing List; Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/
  [SECURITY] Fedora 34 Update: pdns-4.6.2-1.fc34 - package-announce - Fedora Mailing-Lists (Mailing List; Patch; Third Party Advisory)
- https://docs.powerdns.com/recursor/security-advisories/index.html
  Security Advisories — PowerDNS Recursor documentation (Vendor Advisory)
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html
  PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor — PowerDNS Recursor documentation (Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/
  [SECURITY] Fedora 35 Update: pdns-4.6.2-1.fc35 - package-announce - Fedora Mailing-Lists (Mailing List; Patch; Third Party Advisory)
- https://doc.powerdns.com/authoritative/security-advisories/index.html
  Security Advisories — PowerDNS Authoritative Server documentation (Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/
  [SECURITY] Fedora 36 Update: pdns-4.6.2-1.fc36 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html
  PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor — PowerDNS Authoritative Server documentation (Vendor Advisory)