CVE-2018-21029

CWE-295 — Improper Certificate Validation9 documents8 sources

Severity

9.8CRITICAL

EPSS

1.6%

top 18.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Systemd Project Systemd Fedoraproject Fedora

Timeline

PublishedOct 30

Latest updateMay 24

Description

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDsystemd_project/systemd239 — 244

▶Debiansystemd< 244-1+3

Also affects: Fedora 31

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-h2fw-qh29-9jv7: systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS Over TLS↗2022-05-24

▶

CVEList

CVE-2018-21029: systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS↗2019-10-30

▶

OSV

CVE-2018-21029: systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS↗2019-10-30

▶

📋Vendor Advisories

Microsoft

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent and there is no hostname validation with the GnuTLS↗2019-10-08

▶

Red Hat

systemd: incorrect certificate validation results in acceptance of any certificate signed by a trusted certificate authority for DNS over TLS↗2018-06-24

▶

Debian

CVE-2018-21029: systemd - systemd 239 through 245 accepts any certificate signed by a trusted certificate ...↗2018

▶

💬Community

Bugzilla

CVE-2018-21029 systemd: incorrect certificate validation results in acceptance of any certificate signed by a trusted certificate authority for DNS over TLS [fedora-all]↗2019-11-12

▶

Bugzilla

CVE-2018-21029 systemd: incorrect certificate validation results in acceptance of any certificate signed by a trusted certificate authority for DNS over TLS↗2019-11-12

▶