CVE-2022-37428
published 2022-08-23
CVE-2022-37428: PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a…
Priority P431 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
1.19%
64.1th percentile
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pdns-recursor | < pdns-recursor 4.7.2-1 (bookworm) | pdns-recursor 4.7.2-1 (bookworm) |
| fedoraproject | fedora | — | — |
| powerdns | recursor | >= 4.5.0 < 4.5.10 | 4.5.10 |
| powerdns | recursor | >= 4.6.0 < 4.6.3 | 4.6.3 |
| powerdns | recursor | >= 4.7.0 < 4.7.2 | 4.7.2 |
CVSS provenance
nvd · v3.1 · 6.5 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv · 6.5 · MEDIUM
vendor_debian · 6.5 · MEDIUM
GHSA
GHSA-w3r7-9rrf-88pm: PowerDNS Recursor up to and including 4
ghsa_unreviewed·2022-08-24
CVE-2022-37428 [MEDIUM] CWE-459 GHSA-w3r7-9rrf-88pm: PowerDNS Recursor up to and including 4
OSV
CVE-2022-37428: PowerDNS Recursor up to and including 4
osv·2022-08-23·CVSS 6.5
CVE-2022-37428 [MEDIUM] CVE-2022-37428: PowerDNS Recursor up to and including 4
Debian
CVE-2022-37428: pdns-recursor - PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logg...
vendor_debian·2022·CVSS 6.5
CVE-2022-37428 [MEDIUM] CVE-2022-37428: pdns-recursor - PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logg...
Scope: local
bookworm: resolved (fixed in 4.7.2-1)
bullseye: open
forky: resolved (fixed in 4.7.2-1)
sid: resolved (fixed in 4.7.2-1)
trixie: resolved (fixed in 4.7.2-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.powerdns.com/recursor/lua-config/protobuf.html
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/
Published: 2022-08-23