CVE-2018-1000003

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.

References

https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type

GIT

Repo

https://github.com/powerdns/pdns

Events

Introduced

Last affected

80da1b4773cbdad76755b01c70739059d6f607af

Database specific

{
    "cpe": "cpe:2.3:a:powerdns:recursor:4.1.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

auth-3.*

auth-3.1-rc1

auth-3.1-rc2

auth-3.1-rc3

auth-3.2-rc1

auth-3.2-rc2

auth-3.2-rc3

auth-3.2-rc4

auth-3.4.0

auth-3.4.0-rc1

auth-3.4.0-rc2

auth-4.*

auth-4.0.0

auth-4.0.0-alpha1

auth-4.0.0-alpha2

auth-4.0.0-alpha3

auth-4.0.0-beta1

auth-4.0.0-rc1

auth-4.0.0-rc2

auth-4.0.1

auth-4.1.0

auth-4.1.0-rc1

auth-4.1.0-rc2

auth-4.1.0-rc3

dnsdist-1.*

dnsdist-1.0.0

dnsdist-1.0.0-alpha1

dnsdist-1.0.0-alpha2

dnsdist-1.0.0-beta1

dnsdist-1.1.0

dnsdist-1.1.0-beta1

dnsdist-1.1.0-beta2

dnsdist-1.2.0

Other

rec-3-0

rec-3-0-1

rec-3.*

rec-3.0

rec-3.0.1

rec-3.1.4

rec-3.3.1

rec-3.5

rec-3.5-rc1

rec-3.5-rc3

rec-3.5-rc4

rec-3.5-rc5

rec-3.6.0

rec-4.*

rec-4.0.0

rec-4.0.0-alpha1

rec-4.0.0-alpha2

rec-4.0.0-alpha3

rec-4.0.0-beta1

rec-4.0.0-rc1

rec-4.0.1

rec-4.0.2

rec-4.1.0

rec-4.1.0-alpha1

rec-4.1.0-rc1

rec-4.1.0-rc2

rec-4.1.0-rc3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000003.json"