CVE-2016-7069

Published: Sep 11, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash.

Affected (1)

Products: Powerdns: Dnsdist

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Powerdns Dnsdist	Up to 1.2.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.securityfocus.com/bid/100509

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html

Source: secalert@redhat.com

PatchVendor Advisory

http://www.securityfocus.com/bid/100509

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7069

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.