Vulnerability Details CVE-2020-12244
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html
- http://www.openwall.com/lists/oss-security/2020/05/19/3
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/
- https://www.debian.org/security/2020/dsa-4691
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html
- http://www.openwall.com/lists/oss-security/2020/05/19/3
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF/
- https://www.debian.org/security/2020/dsa-4691
Products affected by CVE-2020-12244
-
cpe:2.3:a:opensuse:backports_sle:15.0
-
cpe:2.3:a:powerdns:recursor:4.1.0
-
cpe:2.3:a:powerdns:recursor:4.1.1
-
cpe:2.3:a:powerdns:recursor:4.1.10
-
cpe:2.3:a:powerdns:recursor:4.1.11
-
cpe:2.3:a:powerdns:recursor:4.1.12
-
cpe:2.3:a:powerdns:recursor:4.1.13
-
cpe:2.3:a:powerdns:recursor:4.1.14
-
cpe:2.3:a:powerdns:recursor:4.1.15
-
cpe:2.3:a:powerdns:recursor:4.1.16
-
cpe:2.3:a:powerdns:recursor:4.1.17
-
cpe:2.3:a:powerdns:recursor:4.1.18
-
cpe:2.3:a:powerdns:recursor:4.1.2
-
cpe:2.3:a:powerdns:recursor:4.1.3
-
cpe:2.3:a:powerdns:recursor:4.1.4
-
cpe:2.3:a:powerdns:recursor:4.1.5
-
cpe:2.3:a:powerdns:recursor:4.1.6
-
cpe:2.3:a:powerdns:recursor:4.1.7
-
cpe:2.3:a:powerdns:recursor:4.1.8
-
cpe:2.3:a:powerdns:recursor:4.1.9
-
cpe:2.3:a:powerdns:recursor:4.2.0
-
cpe:2.3:a:powerdns:recursor:4.2.1
-
cpe:2.3:a:powerdns:recursor:4.2.2
-
cpe:2.3:a:powerdns:recursor:4.2.3
-
cpe:2.3:a:powerdns:recursor:4.2.4
-
cpe:2.3:a:powerdns:recursor:4.2.5
-
cpe:2.3:a:powerdns:recursor:4.3.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:opensuse:leap:15.1