VDB
CVE-2018-21029
CVE-2018-21029
PUBLISHED
CVSS 7.5 HIGH
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)
EPSS 1.56% · 81.8th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
1.56%
81.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| fedoraproject | fedora | 31 |
| systemd_project | systemd | 239 |
Exploit Intelligence
- https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207 (nist-nvd)
- https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207 (nist-nvd)
- https://github.com/systemd/systemd/issues/9397 (circl)
- https://blog.cloudflare.com/dns-encryption-explained/ (circl)
- https://github.com/systemd/systemd/blob/v243/src/resolve/resolved-dnstls-gnutls.c#L62-L63 (circl)
- FEDORA-2019-4c3ce3aa5c (circl)
- https://security.netapp.com/advisory/ntap-20191122-0002/ (circl)
- https://github.com/systemd/systemd/pull/13870 (circl)
- https://tools.ietf.org/html/rfc7858#section-4.1 (circl)
- glcve_test.go (github-poc)
…and 3 more exploits
Timeline
- Oct 30, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://github.com/systemd/systemd/issues/9397 url
- https://blog.cloudflare.com/dns-encryption-explained/ url
- https://github.com/systemd/systemd/blob/v243/src/resolve/resolved-dnstls-gnutls.c#L62-L63 url
- FEDORA-2019-4c3ce3aa5c vendor-advisory
- https://security.netapp.com/advisory/ntap-20191122-0002/ url
- https://github.com/systemd/systemd/pull/13870 url
- https://github.com/systemd/systemd/blob/v243/man/resolved.conf.xml#L196-L207 url
- https://github.com/systemd/systemd/blob/v239/man/resolved.conf.xml#L199-L207 url
- https://tools.ietf.org/html/rfc7858#section-4.1 url
- https://nvd.nist.gov/vuln/detail/CVE-2018-21029 advisory
- https://blog.cloudflare.com/dns-encryption-explained url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NLJVOJMB6ANDILRLDZK26YGLYBEPHKY url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NLJVOJMB6ANDILRLDZK26YGLYBEPHKY url
- https://security.netapp.com/advisory/ntap-20191122-0002 url