RUSTSEC-2018-0007

Stack overflow when parsing malicious DNS packet

Reported

October 9, 2018

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

trust-dns-proto (crates.io)

Type

Vulnerability

Keywords

#stack-overflow #crash

Aliases

CVSS Score

7.5 HIGH

CVSS Details

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Patched

>=0.4.3

Description

There's a stack overflow leading to a crash when Trust-DNS's parses a malicious DNS packet.

Affected versions of this crate did not properly handle parsing of DNS message compression (RFC1035 section 4.1.4). The parser could be tricked into infinite loop when a compression offset pointed back to the same domain name to be parsed.

This allows an attacker to craft a malicious DNS packet which when consumed with Trust-DNS could cause stack overflow and crash the affected software.

The flaw was corrected by trust-dns-proto 0.4.3 and upcoming 0.5.0 release.

Advisory available under CC0-1.0 license.