Vulnerability Details: CVE-2018-14644
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.
Vulnerability category: Input validation
Products affected by CVE-2018-14644
- cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
Threat overview for CVE-2018-14644
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2018-14644: 709
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2018-14644
- 0.19%: Probability of exploitation activity in the next 30 days
- ~56%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-14644
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | Red Hat, Inc. | |
CWE ids for CVE-2018-14644
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2018-14644
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644
  1648378 – (CVE-2018-14644) CVE-2018-14644 pdns: crafted query for meta-types can lead to a DoS (Issue Tracking; Third Party Advisory)
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
  PowerDNS Security Advisory 2018-07: Crafted query for meta-types can cause a denial of service — PowerDNS Recursor documentation (Vendor Advisory)