CVE-2022-37428: 
Linux Debian vulnerability analysis and mitigation

CVE-2022-37428 affects PowerDNS Recursor versions up to and including 4.5.9, 4.6.2, and 4.7.1. The vulnerability was disclosed on August 23, 2022, and involves an Improper Cleanup upon a Thrown Exception when protobuf logging is enabled. This security issue specifically affects recursors that have protobuf logging enabled using either the protobufServer function with logResponses=true or outgoingProtobufServer function with logResponses=true (PowerDNS Advisory).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue stems from improper exception handling related to protobuf message generation when processing DNS queries that lead to answers with specific properties. The vulnerability is categorized under CWE-459 (Incomplete Cleanup) (NVD).

The primary impact of this vulnerability is a denial of service through daemon crashes. When an attacker sends a specially crafted DNS query that leads to an answer with specific properties, it can cause a protobuf message to generate an exception that is not handled correctly, resulting in service disruption (PowerDNS Advisory).

The recommended solutions include upgrading to the patched versions (4.5.10, 4.6.3, or 4.7.2) or disabling protobuf logging of responses. For Fedora users, a security update (pdns-recursor-4.6.3-1.fc36) has been released to address this vulnerability (Fedora Update).