CVE-2020-10995

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.

References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type

GIT

Repo

https://github.com/powerdns/pdns

Events

Introduced

80da1b4773cbdad76755b01c70739059d6f607af

Last affected

f8e019026f5a1eff4b56a90a39c4acac95ae9dc4

Database specific

{
    "versions": [
        {
            "introduced": "4.1.0"
        },
        {
            "last_affected": "4.3.0"
        }
    ]
}

Affected versions

auth-4.*

auth-4.2.0

auth-4.2.0-alpha1

auth-4.2.0-beta1

auth-4.2.0-rc1

auth-4.2.0-rc2

auth-4.2.0-rc3

auth-4.2.1

auth-4.2.2

auth-4.2.3

auth-4.3.0

auth-4.3.0-alpha1

auth-4.3.0-beta1

auth-4.3.0-beta2

auth-4.3.0-rc1

auth-4.3.0-rc2

auth-4.3.1

auth-4.3.2

auth-4.4.0

auth-4.4.0-alpha0

auth-4.4.0-alpha1

auth-4.4.0-alpha2

auth-4.4.0-alpha3

auth-4.4.0-beta1

auth-4.4.0-rc1

auth-4.4.1

auth-4.4.2

auth-4.4.3

auth-4.5.0

auth-4.5.0-alpha0

auth-4.5.0-alpha1

auth-4.5.0-beta1

auth-4.5.0-rc1

auth-4.5.0-rc2

auth-4.5.1

auth-4.5.2

auth-4.5.3

auth-4.5.4

auth-4.5.5

auth-4.6.0

auth-4.6.0-alpha0

auth-4.6.0-alpha1

auth-4.6.0-beta1

auth-4.6.0-rc1

auth-4.6.1

auth-4.6.2

auth-4.6.3

auth-4.6.4

auth-4.7.0

auth-4.7.0-alpha0

auth-4.7.0-alpha1

auth-4.7.0-beta1

auth-4.7.0-beta2

auth-4.7.0-rc1

auth-4.7.1

auth-4.7.2

auth-4.7.3

auth-4.7.4

auth-4.7.5

auth-4.8.0

auth-4.8.0-alpha0

auth-4.8.0-alpha1

auth-4.8.0-beta1

auth-4.8.1

auth-4.8.2

auth-4.8.3

auth-4.8.4

auth-4.8.5

auth-4.9.0

auth-4.9.0-alpha1

auth-4.9.0-beta1

auth-4.9.0-beta2

auth-4.9.1

auth-4.9.10

auth-4.9.11

auth-4.9.12

auth-4.9.13

auth-4.9.2

auth-4.9.3

auth-4.9.4

auth-4.9.5

auth-4.9.6

auth-4.9.7

auth-4.9.8

auth-4.9.9

auth-5.*

auth-5.0.0

auth-5.0.0-alpha0

auth-5.0.0-alpha1

auth-5.0.0-beta1

auth-5.0.1

auth-5.0.2

auth-5.0.3

auth-5.1.0-alpha0

auth-5.1.0-alpha1

dnsdist-1.*

dnsdist-1.10.0-alpha0

dnsdist-1.3.0

dnsdist-1.3.1

dnsdist-1.3.2

dnsdist-1.3.3

dnsdist-1.4.0

dnsdist-1.4.0-alpha1

dnsdist-1.4.0-alpha2

dnsdist-1.4.0-beta1

dnsdist-1.4.0-rc1

dnsdist-1.4.0-rc2

dnsdist-1.4.0-rc3

dnsdist-1.4.0-rc4

dnsdist-1.4.0-rc5

dnsdist-1.5.0

dnsdist-1.5.0-alpha1

dnsdist-1.5.0-rc1

dnsdist-1.5.0-rc2

dnsdist-1.5.0-rc3

dnsdist-1.5.0-rc4

dnsdist-1.5.1

dnsdist-1.5.2

dnsdist-1.6.0

dnsdist-1.6.0-alpha0

dnsdist-1.6.0-alpha1

dnsdist-1.6.0-alpha2

dnsdist-1.6.0-alpha3

dnsdist-1.6.0-rc1

dnsdist-1.6.0-rc2

dnsdist-1.6.1

dnsdist-1.7.0

dnsdist-1.7.0-alpha0

dnsdist-1.7.0-alpha1

dnsdist-1.7.0-alpha2

dnsdist-1.7.0-beta1

dnsdist-1.7.0-beta2

dnsdist-1.7.0-rc1

dnsdist-1.7.1

dnsdist-1.7.2

dnsdist-1.7.3

dnsdist-1.7.4

dnsdist-1.7.5

dnsdist-1.8.0

dnsdist-1.8.0-alpha0

dnsdist-1.8.0-rc1

dnsdist-1.8.0-rc2

dnsdist-1.8.0-rc3

dnsdist-1.8.1

dnsdist-1.8.2

dnsdist-1.8.3

dnsdist-1.8.4

dnsdist-1.9.0

dnsdist-1.9.0-alpha0

dnsdist-1.9.0-alpha1

dnsdist-1.9.0-alpha2

dnsdist-1.9.0-alpha3

dnsdist-1.9.0-alpha4

dnsdist-1.9.0-rc1

dnsdist-1.9.1

dnsdist-1.9.10

dnsdist-1.9.11

dnsdist-1.9.12

dnsdist-1.9.2

dnsdist-1.9.3

dnsdist-1.9.4

dnsdist-1.9.5

dnsdist-1.9.6

dnsdist-1.9.7

dnsdist-1.9.8

dnsdist-1.9.9

dnsdist-2.*

dnsdist-2.0.0

dnsdist-2.0.0-alpha0

dnsdist-2.0.0-alpha1

dnsdist-2.0.0-alpha2

dnsdist-2.0.0-beta1

dnsdist-2.0.0-rc1

dnsdist-2.0.0-rc2

dnsdist-2.0.1

dnsdist-2.0.2

dnsdist-2.0.3

dnsdist-2.1.0-alpha0

dnsdist-2.1.0-alpha1

dnsdist-2.1.0-beta1

dnsdist-2.1.0-beta2

rec-4.*

rec-4.1.0

rec-4.1.1

rec-4.1.10

rec-4.1.11

rec-4.1.12

rec-4.1.13

rec-4.1.14

rec-4.1.15

rec-4.1.16

rec-4.1.17

rec-4.1.18

rec-4.1.2

rec-4.1.3

rec-4.1.4

rec-4.1.5

rec-4.1.6

rec-4.1.7

rec-4.1.8

rec-4.1.9

rec-4.10.0-alpha0

rec-4.2.0

rec-4.2.0-alpha1

rec-4.2.0-beta1

rec-4.2.0-rc1

rec-4.2.0-rc2

rec-4.2.1

rec-4.2.2

rec-4.2.3

rec-4.2.4

rec-4.2.5

rec-4.3.0

rec-4.3.0-alpha1

rec-4.3.0-alpha2

rec-4.3.0-alpha3

rec-4.3.0-beta1

rec-4.3.0-beta2

rec-4.3.0-rc1

rec-4.3.0-rc2

rec-4.4.0

rec-4.4.0-alpha0

rec-4.4.0-alpha1

rec-4.4.0-alpha2

rec-4.4.0-beta1

rec-4.4.0-rc1

rec-4.4.0-rc2

rec-4.4.1

rec-4.4.2

rec-4.4.3

rec-4.4.4

rec-4.4.5

rec-4.4.6

rec-4.4.7

rec-4.4.8

rec-4.5.0

rec-4.5.0-alpha0

rec-4.5.0-alpha1

rec-4.5.0-alpha2

rec-4.5.0-alpha3

rec-4.5.0-beta1

rec-4.5.0-beta2

rec-4.5.0-rc1

rec-4.5.1

rec-4.5.10

rec-4.5.11

rec-4.5.12

rec-4.5.2

rec-4.5.3

rec-4.5.4

rec-4.5.5

rec-4.5.6

rec-4.5.7

rec-4.5.8

rec-4.5.9

rec-4.6.0

rec-4.6.0-alpha0

rec-4.6.0-alpha1

rec-4.6.0-alpha2

rec-4.6.0-beta1

rec-4.6.0-beta2

rec-4.6.0-rc1

rec-4.6.1

rec-4.6.2

rec-4.6.3

rec-4.6.4

rec-4.6.5

rec-4.6.6

rec-4.7.0

rec-4.7.0-alpha0

rec-4.7.0-alpha1

rec-4.7.0-beta1

rec-4.7.0-rc1

rec-4.7.1

rec-4.7.2

rec-4.7.3

rec-4.7.4

rec-4.7.5

rec-4.7.6

rec-4.8.0

rec-4.8.0-alpha0

rec-4.8.0-alpha1

rec-4.8.0-beta1

rec-4.8.0-beta2

rec-4.8.0-rc1

rec-4.8.1

rec-4.8.2

rec-4.8.3

rec-4.8.4

rec-4.8.5

rec-4.8.6

rec-4.8.7

rec-4.8.8

rec-4.8.9

rec-4.9.0

rec-4.9.0-alpha0

rec-4.9.0-alpha1

rec-4.9.0-beta1

rec-4.9.0-rc1

rec-4.9.1

rec-4.9.2

rec-4.9.3

rec-4.9.4

rec-4.9.5

rec-4.9.6

rec-4.9.7

rec-4.9.8

rec-4.9.9

rec-5.*

rec-5.0.0

rec-5.0.0-alpha1

rec-5.0.0-alpha2

rec-5.0.0-beta1

rec-5.0.0-rc1

rec-5.0.0-rc2

rec-5.0.1

rec-5.0.10

rec-5.0.12

rec-5.0.2

rec-5.0.3

rec-5.0.4

rec-5.0.5

rec-5.0.6

rec-5.0.7

rec-5.0.8

rec-5.0.9

rec-5.1.0

rec-5.1.0-alpha0

rec-5.1.0-alpha1

rec-5.1.0-beta1

rec-5.1.0-rc1

rec-5.1.1

rec-5.1.10

rec-5.1.2

rec-5.1.3

rec-5.1.4

rec-5.1.6

rec-5.1.7

rec-5.1.8

rec-5.1.9

rec-5.2.0

rec-5.2.0-alpha0

rec-5.2.0-alpha1

rec-5.2.0-beta1

rec-5.2.0-rc1

rec-5.2.1

rec-5.2.2

rec-5.2.4

rec-5.2.5

rec-5.2.6

rec-5.2.7

rec-5.2.8

rec-5.3.0

rec-5.3.0-alpha0

rec-5.3.0-alpha1

rec-5.3.0-alpha2

rec-5.3.0-beta1

rec-5.3.0-rc1

rec-5.3.1

rec-5.3.3

rec-5.3.4

rec-5.3.5

rec-5.4.0

rec-5.4.0-alpha0

rec-5.4.0-alpha1

rec-5.4.0-beta1

rec-5.4.0-rc1

rec-5.5.0-alpha0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10995.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0-sp1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    }
]