| Name | CVE-2023-26437 |
| Description | Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable. This issue affects Recursor: through 4.6.5, through 4.7.4, through 4.8.3. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1033941 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| pdns-recursor (PTS) | bullseye | 4.4.2-3 | vulnerable |
| pdns-recursor (PTS) | bookworm, bookworm (security) | 4.8.8-1+deb12u1 | fixed |
| pdns-recursor (PTS) | trixie | 5.2.4-2 | fixed |
| pdns-recursor (PTS) | trixie (security) | 5.2.6-0+deb13u1 | fixed |
| pdns-recursor (PTS) | forky, sid | 5.3.1-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| pdns-recursor | source | bullseye | (unfixed) | end-of-life | | |
| pdns-recursor | source | (unstable) | 4.8.4-1 | | | 1033941 |
[bullseye] - pdns-recursor <end-of-life> (No longer supported with security updates in Bullseye)
[buster] - pdns-recursor <no-dsa> (Minor issue)
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html
https://github.com/PowerDNS/pdns/commit/94fccab63457f8327add3a8e1e2b7876234e4989 (rec-4.6.6)
https://github.com/PowerDNS/pdns/commit/5174c955a5c320849e6fe12471b7fce1c31ca2a8 (rec-4.7.5)
https://github.com/PowerDNS/pdns/commit/cd279418d3b3151ab3b489e68bb5354138220e2f (rec-4.8.4)