CVE-2022-27227
published 2022-03-25CVE-2022-27227: In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pdns | < pdns 4.6.1-1 (bookworm) | pdns 4.6.1-1 (bookworm) |
| debian | pdns-recursor | < pdns 4.6.1-1 (bookworm) | pdns 4.6.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| open-xchange | pdns | >= 0 < 4.6.1-1 | 4.6.1-1 |
| open-xchange | pdns | >= 0 < 4.6.1-1 | 4.6.1-1 |
| open-xchange | pdns | >= 0 < 4.6.1-1 | 4.6.1-1 |
| open-xchange | pdns | >= 0 < 4.0.0~alpha2-3ubuntu0.1~esm1 | 4.0.0~alpha2-3ubuntu0.1~esm1 |
| open-xchange | pdns | >= 0 < 4.1.1-1ubuntu0.1~esm1 | 4.1.1-1ubuntu0.1~esm1 |
| open-xchange | pdns | >= 0 < 4.2.1-1ubuntu0.1~esm1 | 4.2.1-1ubuntu0.1~esm1 |
| open-xchange | pdns | >= 0 < 4.5.3-1ubuntu0.1~esm1 | 4.5.3-1ubuntu0.1~esm1 |
| powerdns | authoritative_server | < 4.4.3 | 4.4.3 |
| powerdns | authoritative_server | >= 4.5.0 < 4.5.4 | 4.5.4 |
| powerdns | authoritative_server | >= 4.6.0 < 4.6.1 | 4.6.1 |
| powerdns | recursor | < 4.4.8 | 4.4.8 |
| powerdns | recursor | >= 4.5.0 < 4.5.8 | 4.5.8 |
| powerdns | recursor | >= 4.6.0 < 4.6.1 | 4.6.1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.8HIGH