930635 – (CVE-2024-25583) <net-dns/pdns-recursor-5.0.4: crafted responses can lead to a denial of service

Bug 930635 (CVE-2024-25583) - <net-dns/pdns-recursor-5.0.4: crafted responses can lead to a denial of service

Summary: <net-dns/pdns-recursor-5.0.4: crafted responses can lead to a denial of service

Status:	CONFIRMED

Alias:	CVE-2024-25583

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://docs.powerdns.com/recursor/se...
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:
Blocks:

Reported:	2024-04-24 17:39 UTC by Sven Wegener
Modified:	2024-05-04 06:18 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sven Wegener gentoo-dev

2024-04-24 17:39:08 UTC

From $URL:

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

CVSS Score: 7.5, only for configurations using recursive forwarding, see https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1

The remedy is to update to a patched version.

Comment 1 Larry the Git Cow gentoo-dev

2024-04-24 17:54:58 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c345d6cba29d96f1e8ca510aca8ea0832d8e0b6d

commit c345d6cba29d96f1e8ca510aca8ea0832d8e0b6d
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-04-24 17:52:52 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-04-24 17:54:48 +0000

    net-dns/pdns-recursor: add 5.0.4
    
    Bug: https://bugs.gentoo.org/930635
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                   |   1 +
 net-dns/pdns-recursor/pdns-recursor-5.0.4.ebuild | 132 +++++++++++++++++++++++
 2 files changed, 133 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2024-04-28 18:23:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9628110498e232dec1584d48afa05e27e8ad3acb

commit 9628110498e232dec1584d48afa05e27e8ad3acb
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-04-28 18:23:29 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-04-28 18:23:35 +0000

    net-dns/pdns-recursor: stabilize 5.0.4 for amd64, x86
    
    Bug: https://bugs.gentoo.org/930635
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/pdns-recursor-5.0.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 3 Larry the Git Cow gentoo-dev

2024-05-03 18:26:22 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=607af859d207654834a2a454ff962c39a88f4ff3

commit 607af859d207654834a2a454ff962c39a88f4ff3
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-05-03 18:26:11 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-05-03 18:26:18 +0000

    net-dns/pdns-recursor: drop 5.0.2, 5.0.3
    
    Bug: https://bugs.gentoo.org/930635
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                   |   2 -
 net-dns/pdns-recursor/pdns-recursor-5.0.2.ebuild | 132 -----------------------
 net-dns/pdns-recursor/pdns-recursor-5.0.3.ebuild | 132 -----------------------
 3 files changed, 266 deletions(-)