CVE-2018-14663: Improper Input Validation in Dnsdist

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.0% (top 96.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 26
Latest update: May 13

Description

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only whe

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (2 packages)

Debian: powerdns/dnsdist < 1.3.3-1+3
NVD: powerdns/dnsdist 1.3.2

🔴 Vulnerability Details (3)

GHSA: GHSA-r2j7-9v32-854m: An issue has been found in PowerDNS DNSDist before 1 (2022-05-13)
CVEList: CVE-2018-14663: An issue has been found in PowerDNS DNSDist before 1 (2018-11-26)
OSV: CVE-2018-14663: An issue has been found in PowerDNS DNSDist before 1 (2018-11-26)

📋 Vendor Advisories (1)

Debian: CVE-2018-14663: dnsdist - An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attac... (2018)

💬 Community (3)

Bugzilla: CVE-2018-14663 dnsdist: Record smuggling when adding ECS or XPF (2018-11-12)
Bugzilla: CVE-2018-14663 dnsdist: Record smuggling when adding ECS or XPF [fedora-all] (2018-11-12)
Bugzilla: CVE-2018-14663 dnsdist: Record smuggling when adding ECS or XPF [epel-7] (2018-11-12)
CVE-2018-14663 — Improper Input Validation in Dnsdist | cvebase