CVE-2022-27227
Published: 25 March 2022
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
Priority
Status
Package | Release | Status |
---|---|---|
pdns | bionic | Needs triage |
pdns | focal | Needs triage |
pdns | impish | Ignored (end of life) |
pdns | jammy | Needs triage |
pdns | kinetic | Ignored (end of life, was needs-triage) |
pdns | lunar | Not vulnerable (4.6.3-1) |
pdns | mantic | Not vulnerable (4.6.3-1) |
pdns | trusty | Ignored (end of standard support) |
pdns | upstream | Released (4.6.1-1) |
pdns | xenial | Needs triage |
pdns-recursor | bionic | Needs triage |
pdns-recursor | focal | Needs triage |
pdns-recursor | impish | Ignored (end of life) |
pdns-recursor | jammy | Needs triage |
pdns-recursor | kinetic | Ignored (end of life, was needs-triage) |
pdns-recursor | lunar | Not vulnerable (4.7.2-1) |
pdns-recursor | mantic | Not vulnerable (4.7.2-1) |
pdns-recursor | trusty | Ignored (end of standard support) |
pdns-recursor | upstream | Released (4.6.1-1) |
pdns-recursor | xenial | Needs triage |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- https://www.openwall.com/lists/oss-security/2022/03/25/1
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html
- https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html
- https://docs.powerdns.com/recursor/security-advisories/index.html
- https://doc.powerdns.com/authoritative/security-advisories/index.html
- http://www.openwall.com/lists/oss-security/2022/03/25/1
- https://www.cve.org/CVERecord?id=CVE-2022-27227
- NVD
- Launchpad
- Debian