-@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2025031801 10800 3600 604800 10800
+@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2025040701 10800 3600 604800 10800
@ 3600 IN NS pdns-public-ns1.powerdns.com.
@ 3600 IN NS pdns-public-ns2.powerdns.com.
recursor-5.1.1.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html"
recursor-5.1.2.security-status 60 IN TXT "1 OK"
recursor-5.1.3.security-status 60 IN TXT "1 OK"
-recursor-5.2.0-alpha1.security-status 60 IN TXT "1 Unsupported pre-release"
-recursor-5.2.0-beta1.security-status 60 IN TXT "1 Unsupported pre-release"
-recursor-5.2.0-rc1.security-status 60 IN TXT "1 Unsupported pre-release"
-recursor-5.2.0.security-status 60 IN TXT "1 OK"
+recursor-5.2.0-alpha1.security-status 60 IN TXT "3 Superseded pre-release (known vulnerabilities)"
+recursor-5.2.0-beta1.security-status 60 IN TXT "3 Superseded pre-release (known vulnerabilities)"
+recursor-5.2.0-rc1.security-status 60 IN TXT "3 Superseded pre-release (known vulnerabilities)"
+recursor-5.2.0.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html"
+recursor-5.2.1.security-status 60 IN TXT "1 OK"
; Recursor Debian
recursor-3.6.2-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/"
Before upgrading, it is advised to read the :doc:`../upgrade`.
+.. changelog::
+ :version: 5.2.1
+ :released: 7th of April 2025
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 15396
+
+ Fix PowerDNS Security Advisory 2025-01 (CVE-2025-30195): A crafted zone can lead to an illegal memory access in the Recursor.
+
.. changelog::
:version: 5.2.0
:released: 14th of January 2025
--- /dev/null
+PowerDNS Security Advisory 2025-01: A crafted zone can lead to an illegal memory access in the Recursor
+=======================================================================================================
+
+- CVE: CVE-2025-30195
+- Date: 7th of April 2025.
+- Affects: PowerDNS Recursor 5.2.0
+- Not affected: PowerDNS Recursor 5.2.1 and versions before 5.2.0
+- Severity: High
+- Impact: Denial of service
+- Exploit: This problem can be triggered by an attacker publishing a crafted zone
+- Risk of system compromise: None
+- Solution: Upgrade to patched version
+
+
+An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service.
+
+CVSS Score: 7.5, see
+https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1
+
+The remedy is: upgrade to the patched 5.2.1 version.
+
+We would like to thank Volodymyr Ilyin for bringing this issue to our attention.
projects / thirdparty / pdns.git / commitdiff
