Main Vulnerability Database Vulnerabilities #VU15961

#VU15961 Improper input validation in PowerDNS Recursor and PowerDNS Authoritative - CVE-2018-14626

Published: November 19, 2018

Vulnerability identifier: #VU15961

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-14626

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PowerDNS Recursor
PowerDNS Authoritative

Software vendor:
PowerDNS.COM B.V.

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to DNSSEC validating clients consider the answer to be bogus until it expires from the packet cache. A remote attacker can craft a DNS query, cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype.

Remediation

The vulnerability has been fixed in the versions 4.1.5.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=1649028

#VU15961 Improper input validation in PowerDNS Recursor and PowerDNS Authoritative - CVE-2018-14626

Description

Remediation

External links

Please verify you're human