{"api_version":"1","generated_at":"2026-04-22T16:29:37+00:00","cve":"CVE-2022-27227","urls":{"html":"https://cve.report/CVE-2022-27227","api":"https://cve.report/api/cve/CVE-2022-27227.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-27227","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-27227"},"summary":{"title":"CVE-2022-27227","description":"In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-03-25 15:15:00","updated_at":"2023-11-07 03:45:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/","name":"FEDORA-2022-8367cefdea","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: pdns-4.6.2-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/","name":"FEDORA-2022-6e19acf414","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: pdns-4.6.2-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/","name":"FEDORA-2022-1df2a841e4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: pdns-recursor-4.6.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/","name":"FEDORA-2022-ccfd5d1045","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: pdns-4.6.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html","name":"https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html","refsource":"CONFIRM","tags":[],"title":"PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor — PowerDNS Authoritative Server  documentation","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/","name":"FEDORA-2022-ccfd5d1045","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: pdns-4.6.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/","name":"FEDORA-2022-8367cefdea","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: pdns-4.6.2-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://doc.powerdns.com/authoritative/security-advisories/index.html","name":"https://doc.powerdns.com/authoritative/security-advisories/index.html","refsource":"MISC","tags":[],"title":"Security Advisories — PowerDNS Authoritative Server  documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/","name":"FEDORA-2022-6e19acf414","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: pdns-4.6.2-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2022/03/25/1","name":"[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0","refsource":"MLIST","tags":[],"title":"oss-security - Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2,\n 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html","name":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html","refsource":"CONFIRM","tags":[],"title":"PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor — PowerDNS Recursor  documentation","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://docs.powerdns.com/recursor/security-advisories/index.html","name":"https://docs.powerdns.com/recursor/security-advisories/index.html","refsource":"MISC","tags":[],"title":"Security Advisories — PowerDNS Recursor  documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/","name":"FEDORA-2022-1df2a841e4","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: pdns-recursor-4.6.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-27227","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27227","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"27227","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27227","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27227","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27227","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"powerdns","cpe5":"authoritative_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27227","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"powerdns","cpe5":"recursor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-27227","qid":"183352","title":"Debian Security Update for pdns-recursorpdns (CVE-2022-27227)"},{"cve":"CVE-2022-27227","qid":"282597","title":"Fedora Security Update for pdns (FEDORA-2022-8367cefdea)"},{"cve":"CVE-2022-27227","qid":"282598","title":"Fedora Security Update for pdns (FEDORA-2022-6e19acf414)"},{"cve":"CVE-2022-27227","qid":"502149","title":"Alpine Linux Security Update for pdns-recursor"},{"cve":"CVE-2022-27227","qid":"502151","title":"Alpine Linux Security Update for pdns"},{"cve":"CVE-2022-27227","qid":"502327","title":"Alpine Linux Security Update for pdns-recursor"},{"cve":"CVE-2022-27227","qid":"502328","title":"Alpine Linux Security Update for pdns"},{"cve":"CVE-2022-27227","qid":"690830","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for powerdns-recursor (cb84b940-add5-11ec-9bc8-6805ca2fa271)"},{"cve":"CVE-2022-27227","qid":"690831","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for powerdns (2cda5c88-add4-11ec-9bc8-6805ca2fa271)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-27227","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://docs.powerdns.com/recursor/security-advisories/index.html","refsource":"MISC","name":"https://docs.powerdns.com/recursor/security-advisories/index.html"},{"url":"https://doc.powerdns.com/authoritative/security-advisories/index.html","refsource":"MISC","name":"https://doc.powerdns.com/authoritative/security-advisories/index.html"},{"refsource":"CONFIRM","name":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html","url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"},{"refsource":"CONFIRM","name":"https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html","url":"https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html"},{"refsource":"MLIST","name":"[oss-security] 20220325 Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0","url":"http://www.openwall.com/lists/oss-security/2022/03/25/1"},{"refsource":"FEDORA","name":"FEDORA-2022-8367cefdea","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT/"},{"refsource":"FEDORA","name":"FEDORA-2022-6e19acf414","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEABZA46XYEUWMGSY2GYYVHISBVWEHIO/"},{"refsource":"FEDORA","name":"FEDORA-2022-1df2a841e4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJSKICB67SPPEGNXCQLZVSWR6QGCN3KP/"},{"refsource":"FEDORA","name":"FEDORA-2022-ccfd5d1045","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPHOFNI7FKM5NNOVDOWO4TBXFAFICCUE/"}]}},"nvd":{"publishedDate":"2022-03-25 15:15:00","lastModifiedDate":"2023-11-07 03:45:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"4.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"4.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:powerdns:authoritative_server:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}