Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: pdns

Found 7 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-42005
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 6 hours ago by @LeSuisse Activity log
  • Created suggestion 14 hours ago
  • @LeSuisse ignored
    4 packages
    • home-assistant-component-tests.namecheapdns
    • pdns-recursor
    • pdnsgrep
    • pdnsd
    6 hours ago
  • @LeSuisse accepted 6 hours ago
  • @LeSuisse published on GitHub 6 hours ago
Insufficient input validation of internal web server

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Affected products

pdns
  • <4.9.16
  • <5.1.2
  • <5.0.6

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (4)

Package maintainers

Permalink CVE-2026-33609
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    5 packages
    • pdnsd
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse published on GitHub 2 months ago
LDAP DN injection

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.

Affected products

pdns
  • <4.9.14
  • <5.0.4

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Permalink CVE-2026-33608
7.4 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    5 packages
    • pdnsd
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse published on GitHub 2 months ago
Incomplete domain name sanitization during

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

Affected products

pdns
  • <4.9.14
  • <5.0.4

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Permalink CVE-2026-33611
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    5 packages
    • pdnsd
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse published on GitHub 2 months ago
Insufficient validation of HTTPS and SVCB records

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

Affected products

pdns
  • <4.9.14
  • <5.0.4

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Permalink CVE-2026-33260
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    7 packages
    • rotp
    • pdnsd
    • dnsdist
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse restored
    2 packages
    • dnsdist
    • pdns-recursor
    2 months ago
  • @LeSuisse published on GitHub 2 months ago
Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Affected products

pdns
  • <4.9.14
  • <5.0.4
dnsdist
  • <2.0.4
  • <1.9.13
pdns-recursor
  • <5.2.9
  • <5.4.1
  • <5.3.6

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

  • nixos-unstable 1.04
    • nixpkgs-unstable 1.04
    • nixos-unstable-small 1.04

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Permalink CVE-2026-33257
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    5 packages
    • rotp
    • pdnsgrep
    • pdnsd
    • tests.home-assistant-components.namecheapdns
    • home-assistant-component-tests.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse published on GitHub 2 months ago
Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Affected products

pdns
  • <4.9.14
  • <5.0.4
dnsdist
  • <2.0.4
  • <1.9.13
pdns-recursor
  • <5.2.9
  • <5.4.1
  • <5.3.6

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

  • nixos-unstable 1.04
    • nixpkgs-unstable 1.04
    • nixos-unstable-small 1.04

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server
Permalink CVE-2026-33610
5.9 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion 2 months ago
  • @LeSuisse ignored
    5 packages
    • pdnsd
    • pdnsgrep
    • pdns-recursor
    • home-assistant-component-tests.namecheapdns
    • tests.home-assistant-components.namecheapdns
    2 months ago
  • @LeSuisse accepted 2 months ago
  • @LeSuisse published on GitHub 2 months ago
Possible file descriptor exhaustion in forward-dnsupdate

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.

Affected products

pdns
  • <4.9.14
  • <5.0.4

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

Ignored packages (5)

pkgs.pdnsgrep

Search tool for PowerDNS logs

Package maintainers

https://blog.powerdns.com/2026/04/22/powerdns-security-advisory-2026-05-for-powerdns-authoritative-server