Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-14626 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
pdns (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU15961
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14626
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to DNSSEC validating clients consider the answer to be bogus until it expires from the packet cache. A remote attacker can craft a DNS query, cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype.
MitigationInstall update from vendor's website.
Vulnerable software versionspdns (Alpine package): 4.0.3-r0 - 4.1.3-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=0ef8821508fe2042c199551d43e728d1af2cde36
http://git.alpinelinux.org/aports/commit/?id=a5a93e4963f1fa85d07871cbb586e952309b46b5
http://git.alpinelinux.org/aports/commit/?id=25d9fe89a4cbd43e9f7cc3e4f9c28cf372f28c57
http://git.alpinelinux.org/aports/commit/?id=08ec10f083f3eb9549ad5efb4acdbe2c313bc4c2
http://git.alpinelinux.org/aports/commit/?id=a82df6a94c042f4bf27b6d162cda7fb7d7f513b5
http://git.alpinelinux.org/aports/commit/?id=d4b0f51ac1e8c9d50821593f4982da6bdb1c68a5
http://git.alpinelinux.org/aports/commit/?id=0756f3f95a7b96bfe212a78d42d64da35b03a78a
http://git.alpinelinux.org/aports/commit/?id=2757748db3f9d1beb27dde1298b044cb48fd3edc
http://git.alpinelinux.org/aports/commit/?id=38a6a429ec5f1bf1ac039294e2692d2f5f9760f5
http://git.alpinelinux.org/aports/commit/?id=e0ddcae164893e75083138445b2eaf4700047025
http://git.alpinelinux.org/aports/commit/?id=bf63f1bdf313c1988b026709f085a9c52811b797
http://git.alpinelinux.org/aports/commit/?id=943fe828eb474fd0c86ec357c79b053b6b7c469a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.