CVE-2022-27227

HIGH

PowerDNS <4.4.3-4.6.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.

References (9)

Core 9
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/03/25/1

Scores

CVSS v3 7.5
EPSS 0.0003
EPSS Percentile 7.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (5)
fedoraproject/fedora 34
fedoraproject/fedora 35
fedoraproject/fedora 36
powerdns/authoritative_server < 4.4.3
powerdns/recursor < 4.4.8
Published Mar 25, 2022
Tracked Since Feb 18, 2026