CVE-2022-27227

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.

Published: Mar 25, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-27227
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
powerdns / recursor	4.6.0	4.6.1
powerdns / recursor	4.5.0	4.5.8
powerdns / authoritative_server	4.6.0	4.6.1
powerdns / authoritative_server	4.5.0	4.5.4
powerdns / authoritative_server	-	4.4.3
powerdns / recursor	-	4.4.8
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x

http://www.openwall.com/lists/oss-security/2022/03/25/1
https://doc.powerdns.com/authoritative/security-advisories/index.html
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html
https://docs.powerdns.com/recursor/security-advisories/index.html
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/
https://lists.fedoraproject.org/archives/list/[email protected]/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/
https://lists.fedoraproject.org/archives/list/[email protected]/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/

Vulnerability Database

289,599

CVE-2022-27227