Approved changes feed: RSS · Atom

cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorPowerdns (ef825119-8390-5906-a637-f6692acc90eb)
ProductPowerdns (4807834b-8a7b-59b5-92b4-bb9be1584818)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:docker/powerdns/pdns-auth-master purl2cpe 2026-06-01 10:12:49.251948
pkg:github/powerdns/pdns purl2cpe 2026-06-01 10:12:49.251950
pkg:rpm/fedora/pdns purl2cpe 2026-06-01 10:12:49.251952
pkg:rpm/opensuse/pdns purl2cpe 2026-06-01 10:12:49.251953

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-25583 vulnerable 2026-06-08 06:31:23.313392 Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured
HIGH (7.5)
A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.
Published: 2024-04-25T09:45:05.220Z
Updated: 2025-02-13T17:40:49.994Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-15090 vulnerable 2026-06-08 05:08:57.827994 Details available
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
Published: 2018-01-23T15:00:00.000Z
Updated: 2024-09-16T18:38:21.212Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-5277 vulnerable 2026-06-08 04:50:50.391634 Details available
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
Published: 2008-12-09T00:00:00.000Z
Updated: 2024-08-07T10:49:11.870Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-3337 vulnerable 2026-06-08 04:50:34.303994 Details available
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Published: 2008-08-08T19:00:00.000Z
Updated: 2024-08-07T09:37:26.688Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2005-0038 vulnerable 2026-06-08 04:48:11.114309 Details available
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
Published: 2006-04-28T01:00:00.000Z
Updated: 2024-08-07T20:57:40.965Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.