EUVD-2021-1559

Malware in sbrugna...

CVE-2020-35857

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...

GHSA-5FM9-H728-FWPJ trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets

trust-dns and trust-dns-server are vulnerable to remotely triggered denial-of-service attacks, consuming both network and CPU resources. DNS messages with the QR=1 bit set are responded to with a FormErr response. This allows creating a traffic loop, in which these FormErr responses are sent...

aardvark-dns (>=1.0.3 <=1.1.0), acme-dns-rust (>=1.0.0 <=1.1.6) +16 more potentially affected by unknown CVE via trust-dns-server (>=0.13.0 <=0.22.0)

trust-dns-server CARGO version =0.13.0, =1.0.3, =1.0.0, =1.4.0, =1.7.0, =0.1.0, =1.12.2, =1.13.0 - localns =1.0.0 - oxidux =0.4.0 - polyresolver =0.1.0 - simple-dns-server =0.1.0 - single-use-dns =0.1.0 - snail =0.4.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5FM9-H728-FWPJ...

RUSTSEC-2023-0041 Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets

trust-dns and trust-dns-server are vulnerable to remotely triggered denial-of-service attacks, consuming both network and CPU resources. DNS messages with the QR=1 bit set are responded to with a FormErr response. This allows creating a traffic loop, in which these FormErr responses are sent...

aardvark-dns (>=1.0.3 <=1.1.0), acme-dns-rust (>=1.0.0 <=1.1.6) +16 more potentially affected by unknown CVE via trust-dns-server (>=0.13.0 <=0.22.0)

trust-dns-server CARGO version =0.13.0, =1.0.3, =1.0.0, =1.4.0, =1.7.0, =0.1.0, =1.12.2, =1.13.0 - localns =1.0.0 - oxidux =0.4.0 - polyresolver =0.1.0 - simple-dns-server =0.1.0 - single-use-dns =0.1.0 - snail =0.4.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0041...

Stack consumption in trust-dns-server

There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records. Prior to 0.16.0 the additional record processing was not...

GHSA-4CWW-F7W5-X525 Stack consumption in trust-dns-server

There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records. Prior to 0.16.0 the additional record processing was not...

Mozilla Rust Resource Management Error Vulnerability (CNVD-2021-30439)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in trust-dns-server crate in Mozilla Rust versions prior to 0.18.1, which stems from a DNS MX and SRV null target handling error that results in stack consumption...

CVE-2020-35857

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...

CVE-2020-35857

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...

Stack overflow

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...

CVE-2020-35857

The CVE-2020-35857 entry applies to the trust-dns-server crate in Rust, prior to version 0.18.1. The issue arises from how MX and SRV null targets are handled, leading to stack consumption (stack overflow) when processing additional records for MX/SRV targets, potentially causing a crash and DOS....

CVE-2020-35857

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...

Stack overflow when resolving additional records from MX or SRV null targets

There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records, i.e. '.'. Example effected zone record: text no-service...

RUSTSEC-2020-0001 Stack overflow when resolving additional records from MX or SRV null targets

There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records, i.e. '.'. Example effected zone record: text no-service...