DEBIAN-CVE-2022-27227

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2022-27227

Published: 25 Mar 2022, 15:15

Last modified:28 Apr 2026, 20:24

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Mar 2022, 15:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:24

Last Modified

Vulnerability information updated

Description

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

debian•pdns
all | < 4.6.1-1 | < 4.6.1-1 | < 4.6.1-1
debian•pdns-recursor
all | < 4.6.1-1 | < 4.6.1-1 | < 4.6.1-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2022-27227