CVE-2018-14663

EUVD-2018-6558
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
redhatCNA
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
powerdnsdnsdist
𝑥
≤ 1.3.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dnsdist
bookworm
1.7.3-2
fixed
bullseye
1.5.1-3
fixed
sid
1.9.6-1
fixed
stretch
no-dsa
trixie
1.9.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dnsdist
bionic
needs-triage
cosmic
ignored
disco
not-affected
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14663
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14663
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html