CVE-2025-59029

NameCVE-2025-59029
DescriptionAn attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1122196

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pdns-recursor (PTS)bullseye4.4.2-3fixed
bookworm, bookworm (security)4.8.8-1+deb12u1fixed
trixie (security), trixie5.2.6-0+deb13u1fixed
forky5.3.1-1vulnerable
sid5.3.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pdns-recursorsourcebullseye(not affected)
pdns-recursorsourcebookworm(not affected)
pdns-recursorsourcetrixie(not affected)
pdns-recursorsource(unstable)5.3.3-11122196

Notes

[trixie] - pdns-recursor <not-affected> (Vulnerable code introduced later)
[bookworm] - pdns-recursor <not-affected> (Vulnerable code introduced later)
[bullseye] - pdns-recursor <not-affected> (Vulnerable code introduced later)
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-07.html
Search for package or bug name: Reporting problems