---

CVE-2018-1046 - log back

CVE-2018-1046 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Arbitrary code execution
Description	+ An issue has been found in the dnsreplay tool provided with PowerDNS Authoritative, where replaying a specially crafted PCAP file can trigger a stack based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the --ecs-stamp option of dnsreplay is used. Regardless of this issue, the use of dnsreplay with untrusted PCAP files is not advised.
References	+ https://marc.info/?l=oss-security&m=152585376901543 + https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8 + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html
Notes