Bug 953379 (CVE-2025-30195) - =net-dns/pdns-recursor-5.2.0: crafted zone can lead to denial of service
Summary: =net-dns/pdns-recursor-5.2.0: crafted zone can lead to denial of service
Status: RESOLVED FIXED
Alias: CVE-2025-30195
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://docs.powerdns.com/recursor/se...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2025-04-07 18:53 UTC by Sven Wegener
Modified: 2025-04-09 09:11 UTC

See Also:
Package list:
Runtime testing required: ---
Description Sven Wegener gentoo-dev 2025-04-07 18:53:30 UTC
From $URL:

CVE: CVE-2025-30195
Date: 7th of April 2025.
Affects: PowerDNS Recursor 5.2.0
Not affected: PowerDNS Recursor 5.2.1 and versions before 5.2.0
Severity: High
Impact: Denial of service
Exploit: This problem can be triggered by an attacker publishing a crafted zone
Risk of system compromise: None
Solution: Upgrade to patched version
An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to illegal memory accesses and a crash of the Recursor, causing a denial of service.

CVSS Score: 7.5, see https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1

The remedy is: upgrade to the patched 5.2.1 version.

We would like to thank Volodymyr Ilyin for bringing this issue to our attention.
Comment 1 Larry the Git Cow gentoo-dev 2025-04-07 19:14:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bada93b3742a9d08a1c77a2277c213f45b56b1d

commit 7bada93b3742a9d08a1c77a2277c213f45b56b1d
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2025-04-07 18:54:08 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2025-04-07 19:14:10 +0000

    net-dns/pdns-recursor: add 5.2.1, drop 5.2.0
    
    Closes: https://bugs.gentoo.org/948134
    Bug: https://bugs.gentoo.org/953379
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                                       | 2 +-
 .../{pdns-recursor-5.2.0.ebuild => pdns-recursor-5.2.1.ebuild}       | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
Comment 2 Sven Wegener gentoo-dev 2025-04-07 19:18:17 UTC
5.2.0 was the only vulnerable version and was never marked stable.
Comment 3 Hans de Graaff gentoo-dev Security 2025-04-09 09:11:10 UTC
(In reply to Sven Wegener from comment #2)
> 5.2.0 was the only vulnerable version and was never marked stable.

Based on this I’ve set the whiteboard to ~3.