Today we have released PowerDNS Recursor 5.1.10, 5.2.8 and 5.3.5. These releases fix a PowerDNS Security Advisory
* 2026-01: Crafted zones can lead to increased resource usage in
Recursor
There are two CVEs associated with this advisory, both of severity
Medium.
__________________________________________________________________
* CVE: CVE-2026-24027
* Date: 9th February 2026
* Affects: PowerDNS Recursor up and including to 5.1.9, 5.2.7 and
5.3.4
* Not affected: PowerDNS Recursor 5.1.10, 5.2.8 and 5.3.5
* Severity: Medium
* Impact: Denial of Service
* Exploit: This problem can be triggered by publishing and querying a
crafted zone that causes increased incoming network traffic.
* Risk of system compromise: None
* Solution: Upgrade to patched version
CVSS Score: 5.3, see
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P
R:N/UI:N/S:U/C:N/I:N/A:L&version=3.1[1]
The remedy is: upgrade to a patched version.
We would like to thank Shuhan Zhang from Tsinghua University for
bringing this issue to our attention.
* CVE: CVE-2026-0398
* Date: 9th February 2026
* Affects: PowerDNS Recursor up and including to 5.1.9, 5.2.7 and
5.3.4
* Not affected: PowerDNS Recursor 5.1.10, 5.2.8 and 5.3.5
* Severity: Medium
* Impact: Denial of Service
* Exploit: This problem can be triggered by publishing and querying a
crafted zone that causes large memory usage.
* Risk of system compromise: None
* Solution: Upgrade to patched version
CVSS Score: 5.3, see
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P
R:N/UI:N/S:U/C:N/I:N/A:L&version=3.1[2]
The remedy is: upgrade to a patched version.
We would like to thank Yufan You from Tsinghua University for bringing
this issue to our attention.
We would also like to thank TaoFei Guo from Peking University and Yang
Luo, JianJun Chen from Tsinghua University for bringing an issue of
caching irrelevant records related to CNAME chains to our attention.
__________________________________________________________________
Please refer to the changelogs (5.1.10[3], 5.2.8[4] and 5.3.5[5]) for
additional details
Please send us all feedback and issues you might have via the mailing
list[6], or in case of a bug, via GitHub[7].
The tarballs (5.1.10[8], 5.2.8[9], 5.3.5[10]) (with signature files
5.1.10[11], 5.2.8[12], 5.3.5[13]) are available from our
download server[14] and packages for several distributions are
available from our repository[15].
At the moment of writing, the patches[16] are not incorporated yet in
the public github repository. There has been a delay in the process to
transfer them from our private repository (where they were developed)
to the public repository.
Recently we made changes to our Open Source End of Life policy. Older
release trains are now supported for one year after the following major
release. Consult the EOL policy[17] for more details.
We are grateful to the PowerDNS community for the reporting of bugs,
issues, feature requests, and especially to the submitters of fixes and
implementations of features.
References
1.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L&version=3.1
2.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L&version=3.1
3. https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.10
4. https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.8
5. https://doc.powerdns.com/recursor/changelog/5.3.html#change-5.3.5
6. https://mailman.powerdns.com/mailman/listinfo/pdns-users
7. https://github.com/PowerDNS/pdns/issues/new/choose
8. https://downloads.powerdns.com/releases/pdns-recursor-5.1.10.tar.bz2
9. https://downloads.powerdns.com/releases/pdns-recursor-5.2.8.tar.bz2
10. https://downloads.powerdns.com/releases/pdns-recursor-5.3.5.tar.xz
11. https://downloads.powerdns.com/releases/pdns-recursor-5.1.10.tar.bz2.sig
12. https://downloads.powerdns.com/releases/pdns-recursor-5.2.8.tar.bz2.sig
13. https://downloads.powerdns.com/releases/pdns-recursor-5.3.5.tar.xz.sig
14. https://downloads.powerdns.com/releases/
15. https://repo.powerdns.com/
16. https://downloads.powerdns.com/patches/2026-01/
17. https://docs.powerdns.com/recursor/appendices/EOL.html
signature.asc
Description: PGP signature
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
