CVE-2020-25829 — Recursor vulnerability
8 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 42.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 16
Latest updateMay 24
Description
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages3 packages
🔴Vulnerability Details
3📋Vendor Advisories
1Debian▶
CVE-2020-25829: pdns-recursor - An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, ...↗2020
💬Community
3Bugzilla▶
CVE-2020-25829 pdns-recursor: remote attacker can cause the cached records for a given name to be updated to the ‘Bogus’ DNSSEC validation state instead of their actual DNSSEC ‘Secure’ state via a DNS↗2020-10-19
Bugzilla▶
CVE-2020-25829 pdns-recursor: remote attacker can cause the cached records for a given name to be updated to the ‘Bogus’ DNSSEC validation state instead of their actual DNSSEC ‘Secure’ state via a DNS↗2020-10-19
Bugzilla▶
CVE-2020-25829 pdns-recursor: remote attacker can cause the cached records for a given name to be updated to the ‘Bogus’ DNSSEC validation state instead of their actual DNSSEC ‘Secure’ state via a DNS↗2020-10-19