CVE-2018-14663

Published: Nov 26, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend.

Affected (1)

Products: Powerdns: Dnsdist

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Powerdns Dnsdist	Up to 1.3.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14663

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14663

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.