CVE-2023-26437 - OpenCVE

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Powerdns	Recursor

Configuration 1 [-]

OR	cpe:2.3:a:powerdns:recursor::::::::
	cpe:2.3:a:powerdns:recursor::::::::
	cpe:2.3:a:powerdns:recursor::::::::

References

Link	Resource
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OX

Published: 2023-04-04T14:37:29.388Z

Updated: 2023-04-04T14:59:24.624Z

Reserved: 2023-02-22T20:42:56.090Z

Link: CVE-2023-26437

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-04T15:15:08.880

Modified: 2023-04-15T04:16:06.013

Link: CVE-2023-26437

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-26437", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2023-02-22T20:42:56.090Z", "datePublished": "2023-04-04T14:37:29.388Z", "dateUpdated": "2023-04-04T14:59:24.624Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Recursor", "vendor": "PowerDNS", "versions": [{"lessThanOrEqual": "4.6.5", "status": "affected", "version": "0", "versionType": "range"}, {"lessThanOrEqual": "4.7.4 ", "status": "affected", "version": "0", "versionType": "range"}, {"lessThanOrEqual": "4.8.3", "status": "affected", "version": "0", "versionType": "range"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.<p>This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.</p>"}], "value": "Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.\n\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "authoritative servers to be marked unavailable"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Denial of service", "lang": "en"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2023-04-04T14:59:24.624Z"}, "references": [{"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to PowerDNS Recursor 4.6.6, 4.7.5 or 4.8.4. <br>"}], "value": "Upgrade to PowerDNS Recursor 4.6.6, 4.7.5 or 4.8.4. \n"}], "source": {"discovery": "UNKNOWN"}, "title": "Deterred spoofing attempts can lead to authoritative servers being marked unavailable", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ADA5151-D48E-462A-B05B-74F93F7BC93A", "versionEndExcluding": "4.6.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "515C04D7-C041-429A-BDDE-B27D9F49E57B", "versionEndExcluding": "4.7.5", "versionStartIncluding": "4.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B8A7A13-5283-42CA-A2A0-9B44BEBD81C0", "versionEndExcluding": "4.8.4", "versionStartIncluding": "4.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.\n\n"}], "id": "CVE-2023-26437", "lastModified": "2023-04-15T04:16:06.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security@open-xchange.com", "type": "Secondary"}]}, "published": "2023-04-04T15:15:08.880", "references": [{"source": "security@open-xchange.com", "tags": ["Vendor Advisory"], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html"}, {"source": "security@open-xchange.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/"}, {"source": "security@open-xchange.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/"}], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}