PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
| Software | From | Fixed in |
|---|---|---|
| powerdns / powerdns | 2.9.0 | 2.9.0.x |
| powerdns / powerdns | 2.9.1 | 2.9.1.x |
| powerdns / powerdns | 2.9.10 | 2.9.10.x |
| powerdns / powerdns | 2.9.11 | 2.9.11.x |
| powerdns / powerdns | 2.9.12 | 2.9.12.x |
| powerdns / powerdns | 2.9.13 | 2.9.13.x |
| powerdns / powerdns | 2.9.14 | 2.9.14.x |
| powerdns / powerdns | 2.9.15 | 2.9.15.x |
| powerdns / powerdns | 2.9.16 | 2.9.16.x |
| powerdns / powerdns | 2.9.17 | 2.9.17.x |
| powerdns / powerdns | 2.9.2 | 2.9.2.x |
| powerdns / powerdns | 2.9.3a | 2.9.3a.x |
| powerdns / powerdns | 2.9.4 | 2.9.4.x |
| powerdns / powerdns | 2.9.5 | 2.9.5.x |
| powerdns / powerdns | 2.9.6 | 2.9.6.x |
| powerdns / powerdns | 2.9.7 | 2.9.7.x |
| powerdns / powerdns | 2.9.8 | 2.9.8.x |