CVE-2022-27227 — Authoritative Server vulnerability

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 92.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Pdns Powerdns Authoritative Server Powerdns Recursor +1 more

Timeline

PublishedMar 25

Latest updateJan 14

Description

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDpowerdns/authoritative_server4.5.0 — 4.5.4+2

▶NVDpowerdns/recursor4.5.0 — 4.5.8+2

▶Debianopen-xchange/pdns< 4.6.1-1+2

Also affects: Fedora 34, 35, 36

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-67fj-vc46-4xmv: In PowerDNS Authoritative Server before 4↗2022-03-26

▶

OSV

CVE-2022-27227: In PowerDNS Authoritative Server before 4↗2022-03-25

▶

CVEList

CVE-2022-27227: In PowerDNS Authoritative Server before 4↗2022-03-25

▶

📋Vendor Advisories

Ubuntu

PowerDNS vulnerabilities↗2025-01-14

▶

Debian

CVE-2022-27227: pdns - In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x bef...↗2022

▶