Powerdns Authoritative

Invalid HTTPS/SVCB Records Causing LMDB Corruption in Knot DNS
CVE-2026-33611 6.5 - Medium - April 22, 2026

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

Integer Overflow or Wraparound

PowerDNS Secondary DoS via File Descriptor Exhaustion
CVE-2026-33610 5.9 - Medium - April 22, 2026

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.

Resource Exhaustion

Incomplete LDAP Escaping in Open-Xchange 8bit-dns Enables Internal Domain Query
CVE-2026-33609 5.3 - Medium - April 22, 2026

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.

LDAP Injection

CVE-2026-33608: DNS NOTIFY Exploit Causes BIND Config Corruption
CVE-2026-33608 7.4 - High - April 22, 2026

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

Code Injection

Denial of Service via Unlimited Memory Allocation in Internal Web Server
CVE-2026-33260 5.3 - Medium - April 22, 2026

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Allocation of Resources Without Limits or Throttling

DoS in Disabled Internal Web Server via Unlimited Memory Allocation
CVE-2026-33257 5.3 - Medium - April 22, 2026

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Allocation of Resources Without Limits or Throttling

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
CVE-2020-17482 - October 02, 2020

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used
CVE-2020-24696 8.1 - High - October 02, 2020

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.

Race Condition

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used
CVE-2020-24697 7.5 - High - October 02, 2020

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used
CVE-2020-24698 9.8 - Critical - October 02, 2020

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature.

Double-free

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8
CVE-2019-10162 7.5 - High - July 30, 2019

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

AuthZ

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8
CVE-2019-10163 4.3 - Medium - July 30, 2019

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.

Allocation of Resources Without Limits or Throttling

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records
CVE-2018-10851 - November 29, 2018

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

Resource Exhaustion

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query
CVE-2018-14626 - November 29, 2018

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.

Resource Exhaustion