16 matches found

GitHub Security Blog
added 2026/05/07 2:59 a.m., 12 views

hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression

During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...

5.3 CVSS, 6.8 AI score, 0.00216 EPSS
Exploits 0, References 3, Affected Software 1

vulnersOsv
added 2026/05/07 2:59 a.m., 9 views

async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)

hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...

5.8 AI score
Exploits 0

vulnersOsv
added 2026/05/01 12:0 p.m., 10 views

async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)

hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...

5.8 AI score
Exploits 0

RustSec
added 2026/05/01 12:0 p.m., 4 views

CPU exhaustion during message encoding due to O(n²) name compression

During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...

5.3 CVSS, 6.8 AI score, 0.00216 EPSS
Exploits 0, Affected Software 1

OSV
added 2026/05/01 12:0 p.m., 1 view

RUSTSEC-2026-0119 CPU exhaustion during message encoding due to O(n²) name compression

During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...

5.3 CVSS, 6.8 AI score, 0.00216 EPSS
Exploits 0, References 3

Tenable Nessus
added 2025/06/14 12:0 a.m., 3 views

Fedora 42 : rust-hickory-proto (2025-99f0d93d68)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-99f0d93d68 advisory. Update to version 0.24.4. Also contains fixes for RUSTSEC-2025-0006. Tenable has extracted the preceding description block directly from the Fedora security...

5.6 AI score
Exploits 0, References 1

OpenVAS
added 2025/05/26 12:0 a.m., 1 view

Fedora: Security Advisory (FEDORA-2025-def79f4594)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 3

OpenVAS
added 2025/05/26 12:0 a.m., 3 views

Fedora: Security Advisory (FEDORA-2025-99f0d93d68)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 3

OpenVAS
added 2025/05/05 12:0 a.m., 9 views

Fedora: Security Advisory (FEDORA-2025-5e5b0cc812)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 3

Fedora
added 2025/05/03 2:9 a.m., 8 views

[SECURITY] Fedora 42 Update: rust-hickory-proto-0.24.4-1.fc42

Hickory DNS is a safe and secure DNS library. This is the foundational DNS protocol library for all Hickory DNS projects...

7.3 AI score
Exploits 0

Fedora
added 2025/05/03 1:11 a.m., 12 views

[SECURITY] Fedora 41 Update: rust-hickory-proto-0.24.4-1.fc41

Hickory DNS is a safe and secure DNS library. This is the foundational DNS protocol library for all Hickory DNS projects...

7.3 AI score
Exploits 0

Fedora
added 2025/05/03 1:11 a.m., 14 views

[SECURITY] Fedora 40 Update: rust-hickory-proto-0.24.4-1.fc40

Hickory DNS is a safe and secure DNS library. This is the foundational DNS protocol library for all Hickory DNS projects...

7.3 AI score
Exploits 0

Tenable Nessus
added 2025/05/03 12:0 a.m., 4 views

Fedora 41 : rust-hickory-proto (2025-def79f4594)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-def79f4594 advisory. Update to version 0.24.4. Also contains fixes for RUSTSEC-2025-0006. Tenable has extracted the preceding description block directly from the Fedora security...

5.6 AI score
Exploits 0, References 1

OSV
added 2025/03/23 12:0 p.m., 5 views

RUSTSEC-2025-0017 The `trust-dns` project has been rebranded to `hickory-dns`

The trust-dns-proto crate is now available as hickory-proto...

7.2 AI score
Exploits 0, References 4

vulnersOsv
added 2025/02/10 9:52 p.m., 1 view

hickory-server (=0.25.0-alpha.1) potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.1)

hickory-proto CARGO version =0.25.0-alpha.1 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - hickory-server =0.25.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:GHSA-V7PC-74H8-XQ2H...

5.8 AI score
Exploits 0

vulnersOsv
added 2024/04/05 3:5 p.m., 3 views

areq (=0.1.0-alpha), bws-web-server (>=0.1.0 <=0.1.1) +26 more potentially affected by unknown CVE via h2 (=0.4.14)

h2 CARGO version =0.4.14 is affected by a known vulnerability. The following packages have a transitive dependency on h2 and may be impacted: - areq =0.1.0-alpha - bws-web-server =0.1.0, =0.5.2, =0.1.0, =1.0.0, =1.5.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.6.0 and more Source cves: unknown CVE Sourc...

5.5 AI score
Exploits 0