PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.
Weakness
The product does not properly “clean up” and remove temporary or supporting resources after they have been used.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Recursor | Powerdns | 4.5.0 (including) | 4.5.10 (excluding) |
| Recursor | Powerdns | 4.6.0 (including) | 4.6.3 (excluding) |
| Recursor | Powerdns | 4.7.0 (including) | 4.7.2 (excluding) |
| Pdns-recursor | Ubuntu | bionic | * |
| Pdns-recursor | Ubuntu | focal | * |
| Pdns-recursor | Ubuntu | kinetic | * |
| Pdns-recursor | Ubuntu | trusty | * |
| Pdns-recursor | Ubuntu | upstream | * |
| Pdns-recursor | Ubuntu | xenial | * |
Potential Mitigations
References
- https://docs.powerdns.com/recursor/lua-config/protobuf.html
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/
- https://docs.powerdns.com/recursor/lua-config/protobuf.html
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/