{"id":"CVE-2022-37428","details":"PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.","modified":"2026-04-10T04:49:53.935624Z","published":"2022-08-23T17:15:15.170Z","related":["openSUSE-SU-2022:10171-1","openSUSE-SU-2024:12281-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FXSREJKTT6RNE3GXQENQ4R4HS37UNSPX/"},{"type":"ADVISORY","url":"https://docs.powerdns.com/recursor/lua-config/protobuf.html"},{"type":"ADVISORY","url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/powerdns/pdns","events":[{"introduced":"8acf42e9ad4c339b7636693ed2d22e305a2e2335"},{"fixed":"87735c1c89bc36570210ff470d3e47ae8a17697a"},{"introduced":"267458e54fe9446084c4f0ecf980b5c307d84c56"},{"fixed":"9067ba9431f2533dca50d07d6e7d245bfce97960"},{"introduced":"677a4e8ea8f791d27d2a75c1f3e6486dff11e22f"},{"fixed":"2bf98efd6d8026efcfc6b99ccd09703dcc5fe636"}],"database_specific":{"versions":[{"introduced":"4.5.0"},{"fixed":"4.5.10"},{"introduced":"4.6.0"},{"fixed":"4.6.3"},{"introduced":"4.7.0"},{"fixed":"4.7.2"}]}}],"versions":["rec-4.5.0","rec-4.5.1","rec-4.5.2","rec-4.5.3","rec-4.5.4","rec-4.5.5","rec-4.5.6","rec-4.5.7","rec-4.5.9","rec-4.6.0","rec-4.6.2","rec-4.7.0","rec-4.7.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"36"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37428.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}