CVE-2022-37428 — Incomplete Cleanup in Recursor

CWE-459 — Incomplete Cleanup5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 83.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Powerdns Recursor Fedoraproject Fedora

Timeline

PublishedAug 23

Latest updateAug 24

Description

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDpowerdns/recursor4.5.0 — 4.5.10+2

Also affects: Fedora 36

🔴Vulnerability Details

GHSA

GHSA-w3r7-9rrf-88pm: PowerDNS Recursor up to and including 4↗2022-08-24

▶

CVEList

CVE-2022-37428: PowerDNS Recursor up to and including 4↗2022-08-23

▶

OSV

CVE-2022-37428: PowerDNS Recursor up to and including 4↗2022-08-23

▶

📋Vendor Advisories

Debian

CVE-2022-37428: pdns-recursor - PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logg...↗2022

▶