What is CVE-2018-14663?

CVE-2018-14663 is a vulnerability found in PowerDNS DNSDist before 1.3.3 that allows a remote attacker to craft a DNS query with trailing data that can be smuggled to the backend as a valid record.

What is the severity of CVE-2018-14663?

CVE-2018-14663 has a severity rating of medium, with a CVSS score of 5.9.

How can a remote attacker exploit CVE-2018-14663?

A remote attacker can exploit CVE-2018-14663 by crafting a DNS query with trailing data to smuggle additional records to the backend.

What is the affected software for CVE-2018-14663?

The affected software for CVE-2018-14663 is PowerDNS DNSDist version up to and including 1.3.2.

Is there a fix available for CVE-2018-14663?

Yes, a fix is available for CVE-2018-14663 in PowerDNS DNSDist version 1.3.3.

Vulnerability/
CVE-2018-14663

medium

5.9

CWE

26/11/2018

5/8/2024

CVE-2018-14663: Input Validation

First published: Mon Nov 26 2018(Updated: )

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
PowerDNS DNSDist	<=1.3.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-14663?
CVE-2018-14663 is a vulnerability found in PowerDNS DNSDist before 1.3.3 that allows a remote attacker to craft a DNS query with trailing data that can be smuggled to the backend as a valid record.
What is the severity of CVE-2018-14663?
CVE-2018-14663 has a severity rating of medium, with a CVSS score of 5.9.
How can a remote attacker exploit CVE-2018-14663?
A remote attacker can exploit CVE-2018-14663 by crafting a DNS query with trailing data to smuggle additional records to the backend.
What is the affected software for CVE-2018-14663?
The affected software for CVE-2018-14663 is PowerDNS DNSDist version up to and including 1.3.2.
Is there a fix available for CVE-2018-14663?
Yes, a fix is available for CVE-2018-14663 in PowerDNS DNSDist version 1.3.3.

collector/nvd-index
agent/weakness
agent/references
agent/author
agent/severity
agent/description
agent/type
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/powerdns
canonical/powerdns dnsdist
version/powerdns dnsdist/1.3.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.