CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 51.4%

MaraDNS is open-source software that implements the Domain Name System
(DNS). In version 3.5.0024 and prior, a remotely exploitable integer
underflow vulnerability in the DNS packet decompression function allows an
attacker to cause a Denial of Service by triggering an abnormal program
termination. The vulnerability exists in the `decomp_get_rddata` function
within the `Decompress.c` file. When handling a DNS packet with an Answer
RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller
than `rdata`, the result of the line `Decompress.c:886` is a negative
number: `len = rdlength - total;`. This value is then passed to the
`decomp_append_bytes` function without proper validation, causing the
program to attempt to allocate a massive chunk of memory that is impossible
to allocate. Consequently, the program exits with an error code of 64,
causing a Denial of Service. One proposed fix for this vulnerability is to
patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been
incorporated in version 3.5.0036 via commit
bab062bde40b2ae8a91eecd522e84d8b993bab58.

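
The length handling described above, as a simplified C model added here for illustration; it is not MaraDNS source code. The function names and the sample bytes are constructed, and the checked walk generalizes the `len <= 0` guard by rejecting any TXT character-string that would run past the declared `rdlength`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (not MaraDNS source) of the unchecked remainder:
 * a signed subtraction whose result is later used as a byte count. */
int remaining_unchecked(int rdlength, int total) {
    return rdlength - total;          /* negative when total > rdlength */
}

/* What an allocator taking size_t receives if that value is passed on. */
size_t as_alloc_size(int len) {
    return (size_t)len;               /* -1 converts to SIZE_MAX */
}

/* Bounds-checked walk over TXT RDATA (length-prefixed character-strings).
 * Assumes the caller guarantees rdata holds at least rdlength bytes.
 * Returns payload bytes copied, or -1 if a chunk overruns rdlength/out. */
int txt_copy_checked(const uint8_t *rdata, int rdlength,
                     uint8_t *out, int out_cap) {
    int total = 0, written = 0;
    while (total < rdlength) {
        int chunk = rdata[total++];   /* one-byte length prefix */
        int len = rdlength - total;   /* bytes left after the prefix */
        if (chunk > len) return -1;   /* never let the remainder go negative */
        if (chunk > out_cap - written) return -1;
        memcpy(out + written, rdata + total, (size_t)chunk);
        written += chunk;
        total += chunk;
    }
    return written;
}

/* Constructed sample: two character-strings, "abc" and "de" (7 bytes). */
static const uint8_t SAMPLE[] = {3, 'a', 'b', 'c', 2, 'd', 'e'};

int main(void) {
    uint8_t out[16];
    printf("consistent rdlength=7 -> %d\n", txt_copy_checked(SAMPLE, 7, out, 16));
    printf("short rdlength=6      -> %d\n", txt_copy_checked(SAMPLE, 6, out, 16));
    printf("unchecked remainder   -> %d (as size_t: %zu)\n",
           remaining_unchecked(6, 7), as_alloc_size(remaining_unchecked(6, 7)));
    return 0;
}
```
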
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | maradns | < 2.0.13-1.2ubuntu0.1~esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | maradns | < 2.0.13-1.4+deb11u1build0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | maradns | < 2.0.13-1.4+deb11u1build0.22.04.1 | UNKNOWN |
ubuntu | 23.04 | noarch | maradns | < 2.0.13-1.4+deb11u1build0.23.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | maradns | < 2.0.13-1ubuntu0.1~esm1 | UNKNOWN |
github.com/samboy/MaraDNS/blob/08b21ea20d80cedcb74aa8f14979ec7c61846663/dns/Decompress.c#L886
github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58
github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c
launchpad.net/bugs/cve/CVE-2023-31137
nvd.nist.gov/vuln/detail/CVE-2023-31137
security-tracker.debian.org/tracker/CVE-2023-31137
ubuntu.com/security/notices/USN-6271-1
www.cve.org/CVERecord?id=CVE-2023-31137