Lucene search

PRIOn knowledge basePRION:CVE-2020-12244

HistoryMay 19, 2020 - 2:15 p.m.

Input validation

2020-05-1914:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.

CPENameOperatorVersion
debian_linuxeq10.0
fedoraeq31
fedoraeq32
backports_sleeq15.0 sp1
leapeq15.1
recursorge4.1.0
recursorle4.3.0

Name	Operator	Version
debian_linux	eq	10.0
fedora	eq	31
fedora	eq	32
backports_sle	eq	15.0 sp1
leap	eq	15.1
recursor	ge	4.1.0
recursor	le	4.3.0

References

lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html

www.openwall.com/lists/oss-security/2020/05/19/3

doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/

www.debian.org/security/2020/dsa-4691