Today we have released PowerDNS Recursor 5.2.1. This release fixes PowerDNS Security Advisory 2025-01: A crafted zone can lead to an illegal memory access in the Recursor. This advisory is also published here[1].
__________________________________________________________________
PowerDNS Security Advisory 2025-01: A crafted zone can lead to an illegal
memory access in the Recursor
CVE: CVE-2025-30195
Date: 7th of April 2025.
Affects: PowerDNS Recursor 5.2.0
Not affected: PowerDNS Recursor 5.2.1 and versions before 5.2.0
Severity: High
Impact: Denial of service
Exploit: This problem can be triggered by an attacker publishing a
crafted zone
Risk of system compromise: None
Solution: Upgrade to patched version
An attacker can publish a zone containing specific Resource Record
Sets. Processing and caching results for these sets can lead to an
illegal memory access and crash of the Recursor, causing a denial of
service.
CVSS Score: 7.5, see
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P
R:N/UI:N/S:U/C:N/I:N/A:H&version=3.1[2]
The remedy is: upgrade to the patched 5.2.1 version.
We would like to thank Volodymyr Ilyin for bringing this issue to our
attention.
__________________________________________________________________
Please refer to the changelog [3]and upgrade guide[4] for additional
details.
Please send us all feedback and issues you might have via the mailing
list[5], or in case of a bug, via GitHub[6].
The tarball[7] (with signature file[8]) is available from our
download server[9] and packages for several distributions are available
from our repository[10].
We are grateful to the PowerDNS community for the reporting of bugs,
issues, feature requests, and especially to the submitters of fixes and
implementations of features.
References
1.
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html
2.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1
3. https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.1
4. https://docs.powerdns.com/recursor/upgrade.html
5. https://mailman.powerdns.com/mailman/listinfo/pdns-users
6. https://github.com/PowerDNS/pdns/issues/new/choose
7. https://downloads.powerdns.com/releases/pdns-recursor-5.2.1.tar.bz2
8. https://downloads.powerdns.com/releases/pdns-recursor-5.2.1.tar.bz2.sig
9. https://downloads.powerdns.com/releases/
10. https://repo.powerdns.com/
--
kind regards,
Otto Moerbeek
Senior Developer PowerDNS
Phone: +49 2761 75252 00 Fax: +49 2761 75252 30
Email: otto.moerb...@open-xchange.com
-------------------------------------------------------------------------------------
Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne HRB
95366
Managing Board: Andreas Gauger, Dirk Valbert, Frank Hoberg, Stephan Martin
Chairman of the Board: Dr. Paul-Josef Patt
PowerDNS.COM BV, Koninginnegracht 5, 2514 AA Den Haag, The Netherlands
Managing Director: Robert Brandt
-------------------------------------------------------------------------------------
signature.asc
Description: PGP signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
