Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: pdns-recursor

Found 15 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2025-59024
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): Low (L)
updated 3 months ago by @LeSuisse Activity log
  • Created suggestion 3 months ago
  • @LeSuisse ignored package rotp 3 months ago
  • @LeSuisse deleted
    2 maintainers
    • @rnhmjoj
    • @jtrees
    3 months ago maintainer.delete
  • @LeSuisse accepted 3 months ago
  • @LeSuisse published on GitHub 3 months ago
Crafted delegations or IP fragments can poison cached delegations in Recursor

Crafted delegations or IP fragments can poison cached delegations in Recursor.

Affected products

pdns-recursor
  • <5.1.8
  • <5.2.6
  • <5.3.1

Matching in nixpkgs

Ignored packages (1)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

  • nixos-unstable 1.04
    • nixpkgs-unstable 1.04
    • nixos-unstable-small 1.04
  • nixos-25.11 1.04
    • nixos-25.11-small 1.04
    • nixpkgs-25.11-darwin 1.04

Package maintainers

Ignored maintainers (1) 
Fixed in:
* https://github.com/NixOS/nixpkgs/commit/42bb4a06d4a01d3dbfca9a19a9daef7cb7560374 (25.11)
* https://github.com/NixOS/nixpkgs/commit/f4cf3fc15536fdc273350b98ad8f4289f32512d2 (unstable)
Published
Permalink CVE-2026-0398
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 months ago by @LeSuisse Activity log
  • Created suggestion 3 months ago
  • @LeSuisse ignored package rotp 3 months ago
  • @LeSuisse accepted 3 months ago
  • @LeSuisse published on GitHub 3 months ago
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.

Affected products

pdns-recursor
  • <5.2.8
  • <5.3.5
  • <5.1.10

Matching in nixpkgs

Ignored packages (1)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

  • nixos-unstable 1.04
    • nixpkgs-unstable 1.04
    • nixos-unstable-small 1.04
  • nixos-25.11 1.04
    • nixos-25.11-small 1.04
    • nixpkgs-25.11-darwin 1.04

Package maintainers

Upstream advisory: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html
Untriaged
Permalink CVE-2026-24027
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 3 months ago by @LeSuisse Activity log
  • Created suggestion 3 months ago
  • @LeSuisse ignored package rotp 3 months ago
Crafted zones can lead to increased incoming network traffic

Crafted zones can lead to increased incoming network traffic.

Affected products

pdns-recursor
  • <5.2.8
  • <5.3.5
  • <5.1.10

Matching in nixpkgs

Ignored packages (1)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

  • nixos-unstable 1.04
    • nixpkgs-unstable 1.04
    • nixos-unstable-small 1.04
  • nixos-25.11 1.04
    • nixos-25.11-small 1.04
    • nixpkgs-25.11-darwin 1.04

Package maintainers

Published
Permalink CVE-2025-59030
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 4 months ago by @LeSuisse Activity log
  • Created suggestion 4 months, 1 week ago
  • @LeSuisse accepted 4 months ago
  • @LeSuisse published on GitHub 4 months ago
Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor

An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.

Affected products

pdns-recursor
  • <5.3.3
  • <5.1.9
  • <5.2.7

Matching in nixpkgs

Package maintainers

Upstream advisory: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html
Dismissed
Permalink CVE-2025-59029
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 4 months ago by @LeSuisse Activity log
  • Created suggestion 4 months, 1 week ago
  • @LeSuisse dismissed 4 months ago
Internal logic flaw in cache management can lead to a denial of service in PowerDNS Recursor

An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY.

Affected products

pdns-recursor
  • <5.3.2

Matching in nixpkgs

Package maintainers

Upstream advisory: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-07.html

5.2.x branch is not impacted.