NIXPKGS-2026-1241

GitHub issue published on

Permalink CVE-2026-33601

4.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 6 days, 11 hours ago by @LeSuisse Activity log

Created suggestion 6 days, 17 hours ago
@LeSuisse ignored package rotp 6 days, 11 hours ago
@LeSuisse accepted 6 days, 11 hours ago
@LeSuisse published on GitHub 6 days, 11 hours ago

Insufficient validation of zonemd record

If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

References

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerd…

Affected products

pdns-recursor

<5.3.6
<5.4.1
<5.2.9

Matching in nixpkgs

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.0
- nixpkgs-unstable 5.4.0
- nixos-unstable-small 5.4.0
nixos-25.11 5.2.8
- nixos-25.11-small 5.2.8
- nixpkgs-25.11-darwin 5.2.8

Ignored packages (1)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

nixos-unstable 1.04
- nixpkgs-unstable 1.04
- nixos-unstable-small 1.04
nixos-25.11 1.04
- nixos-25.11-small 1.04
- nixpkgs-25.11-darwin 1.04

Package maintainers

@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>