CVE-2022-37428

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
powerdnsrecursor
4.5.0 ≤
𝑥
< 4.5.10
powerdnsrecursor
4.6.0 ≤
𝑥
< 4.6.3
powerdnsrecursor
4.7.0 ≤
𝑥
< 4.7.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pdns-recursor
bullseye
vulnerable
buster
no-dsa
bookworm
4.8.8-1
fixed
bookworm (security)
4.8.8-1
fixed
sid
5.0.9-1
fixed
trixie
5.0.9-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pdns-recursor
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
https://docs.powerdns.com/recursor/lua-config/protobuf.html
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/
https://docs.powerdns.com/recursor/lua-config/protobuf.html
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/