UBUNTU-CVE-2022-27227

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2022-27227
Downstream
USN-7203-1
Published: 25 Mar 2022, 15:15
Last modified:04 Feb 2026, 02:19

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

25 Mar 2022, 15:15
Published
Vulnerability first disclosed
04 Feb 2026, 02:19
Last Modified
Vulnerability information updated

Description

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

  • ubuntupdns

    all | < 4.1.1-1ubuntu0.1~esm1 | < 4.2.1-1ubuntu0.1~esm1 | < 4.5.3-1ubuntu0.1~esm1

  • ubuntupdns-recursor

    all | < 4.1.1-2ubuntu0.1~esm1 | < 4.2.1-1ubuntu0.1~esm1 | < 4.6.0-1ubuntu1+esm1

References (9)