VDB
CVE-2022-27227
CVE-2022-27227
PUBLISHED
Es existiert eine Schwachstelle in PowerDNS. Der Fehler besteht aufgrund einer unzureichenden Validierung einer eingehenden IXFR-Übertragung. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
EPSS 0.03% · 8.1th percentile
Risk Scores
EPSS Score
0.03%
8.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source | Open Source PowerDNS Recursor <4.5.8 | |
| Open Source | Open Source PowerDNS <4.6.1 | |
| Open Source | Open Source Arch Linux | |
| Open Source | Open Source PowerDNS <4.4.3 | |
| Fedora | Fedora Linux | |
| Open Source | Open Source PowerDNS <4.5.4 | |
| Open Source | Open Source PowerDNS Recursor <4.4.8 | |
| Ubuntu | Ubuntu Linux | |
| Open Source | Open Source PowerDNS Recursor <4.6.1 |
Timeline
- Mar 25, 2022 CVE Published
- Mar 26, 2022 EPSS Score
- May 16, 2022 EPSS Score
- Jul 6, 2022 EPSS Score
- Aug 26, 2022 EPSS Score
- Oct 16, 2022 EPSS Score
- Dec 6, 2022 EPSS Score
- Jan 26, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 18, 2023 EPSS Score
- May 7, 2023 EPSS Score
- Jun 27, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0842.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0842 advisory
- https://blog.powerdns.com/2022/03/25/security-advisory-2022-01-for-powerdns-authoritative-server-4-4-2-4-5-3-4-6-0-and-powerdns-recursor-4-4-7-4-5-7-4-6-0/ advisory
- https://security.archlinux.org/ASA-202204-11 advisory
- https://security.archlinux.org/ASA-202204-10 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-bb6f0bba09 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d4a7c0e04e advisory
- https://ubuntu.com/security/notices/USN-7203-1 advisory