Veracode Vulnerability DatabaseVERACODE:41048Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.8%
MaraDNS is vulnerable to The vulnerability exists in the decomp_get_rddata function within the Decompress.c file. When handling a DNS packet with an Answer RR due to improper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate.resulting in a denial of service.
References
github.com/samboy/MaraDNS/blob/08b21ea20d80cedcb74aa8f14979ec7c61846663/dns/Decompress.c#L886
github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58
github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c
lists.debian.org/debian-lts-announce/2023/06/msg00019.html
lists.fedoraproject.org/archives/list/[email protected]/message/3VSMLJX25MXGQ6A7UPOGK7VPUVDESPHL/
lists.fedoraproject.org/archives/list/[email protected]/message/NB7LDZM5AGWC5BHHQHW6CP5OFNBBKFOQ/
security-tracker.debian.org/tracker/CVE-2023-31137
www.debian.org/security/2023/dsa-5441
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.8%