Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: pdns

Found 12 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-42005
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 5 hours ago by @LeSuisse Activity log
  • Created suggestion 13 hours ago
  • @LeSuisse ignored
    4 packages
    • home-assistant-component-tests.namecheapdns
    • pdns-recursor
    • pdnsgrep
    • pdnsd
    5 hours ago
  • @LeSuisse accepted 5 hours ago
  • @LeSuisse published on GitHub 5 hours ago
Insufficient input validation of internal web server

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Affected products

pdns
  • <4.9.16
  • <5.1.2
  • <5.0.6

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (4)

Package maintainers

Untriaged
Permalink CVE-2026-42000
6.8 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
created 1 month ago Activity log
  • Created suggestion 1 month ago
Insufficient Validation of Names During AXFR

Insufficient Validation of Names During AXFR

Affected products

pdns
  • <4.9.15
  • <5.0.5

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

Untriaged
Permalink CVE-2026-41999
4.8 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 1 month ago Activity log
  • Created suggestion 1 month ago
Incorrect Behaviour of Views with TCP PROXY Requests

Incorrect Behaviour of Views with TCP PROXY Requests

Affected products

pdns
  • <5.0.5

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

Untriaged
Permalink CVE-2026-42002
5.9 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 1 month ago Activity log
  • Created suggestion 1 month ago
Concurrency and locking defects in GSS-TSIG

Concurrency and locking defects in GSS-TSIG

Affected products

pdns
  • <4.9.15
  • <5.0.5

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

Untriaged
Permalink CVE-2026-42001
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 1 month ago Activity log
  • Created suggestion 1 month ago
Insufficient Validation of Autoprimary SOA Queries

Insufficient Validation of Autoprimary SOA Queries

Affected products

pdns
  • <4.9.15
  • <5.0.5

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

Untriaged
Permalink CVE-2026-42396
4.9 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 1 month ago Activity log
  • Created suggestion 1 month ago
Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

Affected products

pdns
  • <4.9.15
  • <5.0.5

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

Published
Permalink CVE-2026-33609
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    5 packages
    • pdnsd
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse published on GitHub 2 months ago
LDAP DN injection

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.

Affected products

pdns
  • <4.9.14
  • <5.0.4

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Published
Permalink CVE-2026-33608
7.4 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    5 packages
    • pdnsd
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse published on GitHub 2 months ago
Incomplete domain name sanitization during

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

Affected products

pdns
  • <4.9.14
  • <5.0.4

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Published
Permalink CVE-2026-33611
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    5 packages
    • pdnsd
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse published on GitHub 2 months ago
Insufficient validation of HTTPS and SVCB records

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

Affected products

pdns
  • <4.9.14
  • <5.0.4

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Published
Permalink CVE-2026-33260
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    7 packages
    • rotp
    • pdnsd
    • dnsdist
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse restored
    2 packages
    • dnsdist
    • pdns-recursor
    2 months ago
  • @LeSuisse published on GitHub 2 months ago
Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Affected products

pdns
  • <4.9.14
  • <5.0.4
dnsdist
  • <2.0.4
  • <1.9.13
pdns-recursor
  • <5.2.9
  • <5.4.1
  • <5.3.6

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

  • nixos-unstable 1.04
    • nixpkgs-unstable 1.04
    • nixos-unstable-small 1.04

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server