CVE-2024-25590

Name: CVE-2024-25590
Description: An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-5852-1
Debian Bugs: 1083285

Vulnerable and fixed packages

The table below lists information on source packages.

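| Source Package | Release | Version | Status |
|---|---|---|---|
| pdns-recursor (PTS) | bullseye | 4.4.2-3 | vulnerable |
| pdns-recursor | bookworm | 4.8.8-1 | vulnerable |
| pdns-recursor | bookworm (security) | 4.8.8-1+deb12u1 | fixed |
| pdns-recursor | trixie | 5.1.3-2 | fixed |
| pdns-recursor | sid | 5.2.0-3 | fixed |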

The information below is based on the following data on fixed versions.

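| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| pdns-recursor | source | bullseye | (unfixed) | end-of-life | | |
| pdns-recursor | source | bookworm | 4.8.8-1+deb12u1 | | DSA-5852-1 | |
| pdns-recursor | source | (unstable) | 5.0.9-1 | | | 1083285 |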

Notes

[bullseye] - pdns-recursor <end-of-life> (No longer supported with security updates in Bullseye)
https://www.openwall.com/lists/oss-security/2024/10/03/3
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html
https://github.com/PowerDNS/pdns/commit/4775860c55ede7717e6e5702a90632cae5efd28e (rec-4.9.9)
https://github.com/PowerDNS/pdns/commit/60aee317a54aa80cec6c4574d40b3632cf6c0546 (rec-5.3.0-alpha0)
