Vulnerability Description
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PowerDNS | Recursor | >= 4.5.0, < 4.5.10 |
| Fedoraproject | Fedora | 36 |
Related Weaknesses (CWE)
References
- https://docs.powerdns.com/recursor/lua-config/protobuf.html (Vendor Advisory)
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02 (Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2022-37428?
CVE-2022-37428 is a vulnerability with a CVSS score of 6.5 (MEDIUM). PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS qu...
How severe is CVE-2022-37428?
CVE-2022-37428 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-37428?
Check the references section above for vendor advisories and patch information. Affected products include: PowerDNS Recursor, Fedoraproject Fedora.