SB2019031814 - Input validation error in pdns (Alpine package)
Published: March 18, 2019
Security Bulletin ID
SB2019031814
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2019-3871)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing DNS requests in RESTful mode in the HTTP Connector of the Remote backend. A remote attacker can send a specially crafted DNS request to the affected server and perform denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=b8d81030dc9fbd092647bd1c73901b0c7cbcfb41
- https://git.alpinelinux.org/aports/commit/?id=333ed82593af01cf2a74180b9214c59528fb1e11
- https://git.alpinelinux.org/aports/commit/?id=0ef8821508fe2042c199551d43e728d1af2cde36
- https://git.alpinelinux.org/aports/commit/?id=c27a9a0149a05ea96879173e9c2275e97c789d00
- https://git.alpinelinux.org/aports/commit/?id=1bf6e4dfc6f744c7ba0a8e37cbe4a670a88489f8
- https://git.alpinelinux.org/aports/commit/?id=7296a289a69c4f85ce77dcde7915f59f071debf2
- https://git.alpinelinux.org/aports/commit/?id=a5a93e4963f1fa85d07871cbb586e952309b46b5