CVE-2022-37428 - OpenCVE

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Powerdns	Recursor

Configuration 1 [-]

OR	cpe:2.3:a:powerdns:recursor::::::::
	cpe:2.3:a:powerdns:recursor::::::::
	cpe:2.3:a:powerdns:recursor::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.powerdns.com/recursor/lua-config/protobuf.html
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-23T16:33:04

Updated: 2024-08-03T10:29:21.028Z

Reserved: 2022-08-05T00:00:00

Link: CVE-2022-37428

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-23T17:15:15.170

Modified: 2023-11-07T03:49:48.360

Link: CVE-2022-37428

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:U/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-01T11:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.powerdns.com/recursor/lua-config/protobuf.html"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html"}, {"name": "FEDORA-2022-d1dcd9b046", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-37428", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:U/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.powerdns.com/recursor/lua-config/protobuf.html", "refsource": "MISC", "url": "https://docs.powerdns.com/recursor/lua-config/protobuf.html"}, {"name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html", "refsource": "MISC", "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html"}, {"name": "FEDORA-2022-d1dcd9b046", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:29:21.028Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.powerdns.com/recursor/lua-config/protobuf.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html"}, {"name": "FEDORA-2022-d1dcd9b046", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37428", "datePublished": "2022-08-23T16:33:04", "dateReserved": "2022-08-05T00:00:00", "dateUpdated": "2024-08-03T10:29:21.028Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ACF33C1-AF43-4F5B-B18A-D5D5B9E2573E", "versionEndExcluding": "4.5.10", "versionStartIncluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "311028C3-FA63-4026-A7DE-E7FEB8706906", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6CA6CBA-F70B-4833-B2C4-B1C3A79A686A", "versionEndExcluding": "4.7.2", "versionStartIncluding": "4.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties."}, {"lang": "es", "value": "PowerDNS Recursor versiones hasta 4.5.9, 4.6.2 y 4.7.1 incluy\u00e9ndola, cuando el registro de protobufs est\u00e1 habilitado, presenta una limpieza inapropiada tras una excepci\u00f3n lanzada, conllevando a una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de una consulta DNS que conlleva a una respuesta con propiedades espec\u00edficas."}], "id": "CVE-2022-37428", "lastModified": "2023-11-07T03:49:48.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2022-08-23T17:15:15.170", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.powerdns.com/recursor/lua-config/protobuf.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "nvd@nist.gov", "type": "Primary"}]}