CVE Vulnerabilities

CVE-2020-12244

Improper Verification of Cryptographic Signature

Published: May 19, 2020 | Modified: Nov 07, 2023
CVSS 3.x: 7.5 HIGH (Source: NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x: 5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu: MEDIUM

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Recursor | Powerdns | 4.1.0 (including) | 4.3.0 (including) |
| Pdns-recursor | Ubuntu | bionic | * |
| Pdns-recursor | Ubuntu | eoan | * |
| Pdns-recursor | Ubuntu | trusty | * |
| Pdns-recursor | Ubuntu | xenial | * |
