PT-2018-4975 · Powerdns+1 · Dnsdist+1

Guido Vranken

Published

2018-09-11

Updated

2024-06-15

CVE-2016-7069

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions dnsdist versions prior to 1.2.0

Description The issue arises from the handling of EDNS0 OPT records when parsing responses from a backend in dnsdist. Specifically, when dnsdist is configured to add EDNS Client Subnet to a query, it may receive a response containing an EDNS0 OPT record that needs to be removed before forwarding the response to the client. On 32-bit systems, the pointer arithmetic used to remove this record can trigger undefined behavior, leading to a crash.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-7069

OPENSUSE-SU-2023_2760-2

OPENSUSE-SU-2024:12731-1

SUSE-SU-2023:2760-1

SUSE-SU-2023:2760-2

SUSE-SU-2023:2777-1

SUSE-SU-2023_2760-1

SUSE-SU-2023_2760-2

SUSE-SU-2023_2777-1

Affected Products

Suse

Dnsdist

PT-2018-4975 · Powerdns+1 · Dnsdist+1

CVE-2016-7069

Weakness Enumeration

Related Identifiers

Affected Products

References · 24