This issue has been corrected in LAVA server before 2022.11.1. To prevent such occurrences, we highly recommend implementing input validation on all components of your software stack, as well as on other systems that receive configuration data.

CVE-2018-2430

An input validation vulnerability in BIND affecting Windows, Linux, and macOS has been discovered.

This vulnerability was disclosed on 2018-06-25 and fixed in LAVA before 2022.11.1.

Potential Impact

This vulnerability allows attackers to crash the system by sending a maliciously crafted configuration file with a corrupted XML value. This is only one instance of an XML-based vulnerability in the stack. We therefore recommend implementing input validation on all components of your software stack, as well as on other systems that receive configuration data.

Things to Note:
1. The LAVA server has been corrected before 2022.11.1
2. It's recommended to implement input validation on all components of your software stack

Timeline

Published on: 11/18/2022 23:15:00 UTC
Last modified on: 11/23/2022 13:19:00 UTC
