Lucene search
GoogleOSV:GHSA-4CWW-F7W5-X525HistoryAug 25, 2021 - 8:46 p.m.
Stack consumption in trust-dns-server
2021-08-2520:46:13
Google
osv.dev
6
trust-dns-server
stack overflow
vulnerability
upgrade
additional records
dos
null target
EPSS
0.001
Percentile
48.0%
There’s a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records. Prior to 0.16.0 the additional record processing was not supported by trust-dns-server. There Are no known issues with upgrading from 0.16 or 0.17 to 0.18.1. The remidy should be to upgrade to 0.18.1. If unable to do so, MX, SRV or other record types with a target to the null type, should be avoided.
Related
osv
osv
CVE-2020-35857
2020-12-31 10:15:14
Stack overflow when resolving additional records from MX or SRV null targets
2020-01-06 12:00:00
nvd
nvd
CVE-2020-35857
2020-12-31 10:15:14
rustsec
rustsec
Stack overflow when resolving additional records from MX or SRV null targets
2020-01-06 12:00:00
prion
prion
Stack overflow
2020-12-31 10:15:00
cvelist
cvelist
CVE-2020-35857
2020-12-31 00:00:00
cve
cve
CVE-2020-35857
2020-12-31 10:15:14
github
github
Stack consumption in trust-dns-server
2021-08-25 20:46:13