CVE-2018-1000003 — Improper Input Validation in Recursor

CWE-20 — Improper Input Validation8 documents6 sources
Severity
3.7LOWNVD
EPSS
0.0%
top 96.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Powerdns Recursor
Timeline
PublishedJan 22
Latest updateMay 14

Description

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

â–¶NVDpowerdns/recursor4.1.0

🔴Vulnerability Details

3
GHSA
GHSA-vm3q-6vgq-8qhr: Improper input validation bugs in DNSSEC validators components in PowerDNS version 4↗2022-05-14
â–¶
CVEList
CVE-2018-1000003: Improper input validation bugs in DNSSEC validators components in PowerDNS version 4↗2018-01-22
â–¶
OSV
CVE-2018-1000003: Improper input validation bugs in DNSSEC validators components in PowerDNS version 4↗2018-01-22
â–¶

📋Vendor Advisories

1
Debian
CVE-2018-1000003: pdns-recursor - Improper input validation bugs in DNSSEC validators components in PowerDNS versi...↗2018
â–¶

💬Community

3
Bugzilla
CVE-2018-1000003 pdns: Improper validation of wildcard synthesized NSEC records [epel-all]↗2018-01-24
â–¶
Bugzilla
CVE-2018-1000003 pdns: Improper validation of wildcard synthesized NSEC records [fedora-all]↗2018-01-24
â–¶
Bugzilla
CVE-2018-1000003 pdns: Improper validation of wildcard synthesized NSEC records↗2017-11-07
â–¶
CVE-2018-1000003 — Improper Input Validation | cvebase