CVE-2008-3337 — Improper Input Validation in Authoritative Server

CWE-20 — Improper Input Validation7 documents7 sources

Severity

6.4MEDIUMNVD

CNA6.8OSV6.8

EPSS

0.0%

top 94.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Pdns Powerdns Authoritative Server

Timeline

PublishedAug 8

Latest updateMay 1

Description

PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶NVDpowerdns/authoritative_server2.9.21

▶Debianopen-xchange/pdns< 2.9.21.1-1+3

Patches

Patch: mailman.powerdns.com ↗Patch: mailman.powerdns.com ↗

🔴Vulnerability Details

GHSA

GHSA-rj9p-mrcp-3f7h: PowerDNS Authoritative Server before 2↗2022-05-01

▶

OSV

CVE-2008-3337: PowerDNS Authoritative Server before 2↗2008-08-08

▶

CVEList

CVE-2008-3337: PowerDNS Authoritative Server before 2↗2008-08-08

▶

📋Vendor Advisories

Debian

CVE-2008-3337: pdns - PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which mig...↗2008

▶

Red Hat

pdns: not responding invalid queries my simplify spoofing attacks↗

▶

💬Community

Bugzilla

CVE-2008-3337 pdns: not responding invalid queries my simplify spoofing attacks↗2008-08-06

▶