Description
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.
References (3)
Core References
Release Notes, Vendor Advisory
https://docs.powerdns.com/recursor/changelog/4.8.html#change-4.8.1
Vendor Advisory
https://docs.powerdns.com/recursor/security-advisories/
Mailing List, Release Notes, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/01/20/1
Scores
CVSS v3: 7.5
EPSS: 0.0732
EPSS Percentile: 93.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-674
Status: published
Products (1)
powerdns/recursor 4.8.0
Published: Jan 21, 2023
Tracked Since: Feb 18, 2026