Bug 2188523 (CVE-2018-17419)

Summary: CVE-2018-17419 dns: Denial of Service (DoS)
Product: [Other] Security Response
Reporter: Avinash Hanwate <ahanwate>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: aazores, alitke, amasferr, amctagga, aveerama, bdettelb, chazlett, dfreiber, dkenigsb, dsimansk, dymurray, eaguilar, ebaron, eglynn, ellin, fdeutsch, gparvin, grafana-maint, ibolton, jburrell, jcantril, jjoyce, jkang, jkoehler, jkurik, jmatthew, jmontleo, joelsmith, jpallich, jwendell, kaycoth, lball, lgamliel, lhh, matzew, mburns, mfilanov, mgarciac, mkudlej, mrajanna, muagarwa, mwringe, nathans, nbecker, nboldt, njean, nobody, ocs-bugs, oramraz, owatkins, pahickey, periklis, pjindal, rcernich, rfreiman, rgarg, rhos-maint, rhuss, rjohnson, rogbas, scorneli, scox, sfroberg, shbose, skontopo, slucidi, smullick, spower, sseago, stcannon, teagle, tjochec, tnielsen, twalsh, ubhargav, vkumar, whayutin
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: github.com/miekg/dns 1.0.10
Doc Text:
The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a remote attacker can cause the application to crash.
Last Closed: 2023-05-31 16:44:15 UTC
Bug Blocks: 2188532    

Description Avinash Hanwate 2023-04-21 03:51:56 UTC
An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.

https://github.com/miekg/dns/issues/742
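
Added example (not part of this bug report or of the miekg/dns project): a check built on the "Fixed In Version" field above that scans go.mod text for a required github.com/miekg/dns version below 1.0.10. The function names and the sample input are constructed for illustration; replace directives and go.sum are not evaluated.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const modPath = "github.com/miekg/dns" // module named in this bug
var fixed = [3]int{1, 0, 10}           // "Fixed In Version" from this bug

// beforeFix reports whether module version v (e.g. "v1.0.9", or a pseudo-version
// "v1.0.10-0.<timestamp>-<commit>") sorts below the fixed release.
func beforeFix(v string) bool {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop "+incompatible"
	core, _, pre := strings.Cut(v, "-")
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n != fixed[i] {
			return err == nil && n < fixed[i] // first differing part decides
		}
	}
	return pre // same major.minor.patch: only a pre-release sorts below the fix
}

// findAffected returns the versions of modPath required in go.mod text that
// predate the fix. It reads both single-line and block "require" forms.
func findAffected(gomod string) []string {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:]
		}
		if len(f) == 2 && f[0] == modPath && beforeFix(f[1]) {
			hits = append(hits, f[1])
		}
	}
	return hits
}

func main() {
	fmt.Println(findAffected("require github.com/miekg/dns v1.0.8\n")) // constructed input
}
```

A pseudo-version of 1.0.10 is flagged because it sorts before the tagged release and may predate the fix.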

Comment 8 errata-xmlrpc 2023-05-30 20:13:57 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:3304 https://access.redhat.com/errata/RHSA-2023:3304

Comment 9 errata-xmlrpc 2023-05-31 08:24:40 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:3287 https://access.redhat.com/errata/RHSA-2023:3287

Comment 11 errata-xmlrpc 2023-05-31 12:48:36 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2023:3309 https://access.redhat.com/errata/RHSA-2023:3309

Comment 12 Product Security DevOps Team 2023-05-31 16:44:09 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-17419

Comment 14 errata-xmlrpc 2023-06-07 09:12:14 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2023:3363 https://access.redhat.com/errata/RHSA-2023:3363

Comment 15 errata-xmlrpc 2023-10-31 12:54:43 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006