CVE-2016-7069Improper Input Validation in Dnsdist

CWE-20Improper Input Validation7 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 96.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Powerdns DnsdistDebian DnsdistOpen-xchange Dnsdist
Timeline
PublishedSep 11
Latest updateMay 13

Description

An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/dnsdist< dnsdist 1.2.0-1 (bookworm)
Debianpowerdns/dnsdist< 1.2.0-1+3
NVDpowerdns/dnsdist1.2.0
CVEListV5open-xchange/dnsdist1.2.0

Patches

Patch: dnsdist.orgPatch: dnsdist.org

🔴Vulnerability Details

2
GHSA
GHSA-v3pf-fvxp-8mjf: An issue has been found in dnsdist before 12022-05-13
OSV
CVE-2016-7069: An issue has been found in dnsdist before 12018-09-11

📋Vendor Advisories

1
Debian
CVE-2016-7069: dnsdist - An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are...2016

💬Community

3
Bugzilla
CVE-2016-7069 dnsdist: Crafted backend responses can cause a denial of service2017-08-22
Bugzilla
CVE-2016-7069 CVE-2017-7557 dnsdist: various flaws [epel-7]2017-08-22
Bugzilla
CVE-2016-7069 CVE-2017-7557 dnsdist: various flaws [fedora-all]2017-08-22