CVE-2018-1046

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: PowerDNS Authoritative versions prior to 4.1.2

Description: The issue is related to a buffer overflow in the dnsreplay tool. When the -ecs-stamp option of dnsreplay is used to replay a specially crafted PCAP file, it can trigger a stack-based buffer overflow. This leads to a crash and potentially allows for arbitrary code execution.

Recommendations: For versions prior to 4.1.2, update to version 4.1.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -ecs-stamp option in dnsreplay until the update is applied.

Fix

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

ALT-PU-2020-1325

ALT-PU-2020-1407

CVE-2018-1046

MGASA-2018-0255

OPENSUSE-SU-2018:1462-1

OPENSUSE-SU-2018_1384-1

OPENSUSE-SU-2018_1442-1

OPENSUSE-SU-2024:11156-1

SUSE-SU-2018:1660-1

USN-7203-1

Affected Products

Alt Linux

Linuxmint

Powerdns Authoritative

Powerdns Authoritative Server

Suse

Ubuntu

CVE-2018-1046

Weakness Enumeration

Related Identifiers

Affected Products

References · 64