Today we have released PowerDNS Recursor 5.2.1.
This release fixes PowerDNS Security Advisory 2025-01: A crafted zone can lead to an illegal memory access in the Recursor. This advisory is also published here.
PowerDNS Security Advisory 2025-01: A crafted zone can lead to an illegal memory access in the Recursor
CVE: CVE-2025-30195
Date: 7th of April 2025.
Affects: PowerDNS Recursor 5.2.0
Not affected: PowerDNS Recursor 5.2.1 and versions before 5.2.0
Severity: High
Impact: Denial of service
Exploit: This problem can be triggered by an attacker publishing a crafted zone
Risk of system compromise: None
Solution: Upgrade to patched version
CVSS Score: 7.5, see
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1
The remedy is: upgrade to the patched 5.2.1 version.
We would like to thank Volodymyr Ilyin for bringing this issue to our attention.
Please refer to the changelog and upgrade guide for additional details.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
The tarball (with signature file) is available from our download server and packages for several distributions are available from our repository.
We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.