Source: maradns
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for maradns.

CVE-2023-31137[0]:
| MaraDNS is open-source software that implements the Domain Name System
| (DNS). In version 3.5.0024 and prior, a remotely exploitable integer
| underflow vulnerability in the DNS packet decompression function
| allows an attacker to cause a Denial of Service by triggering an
| abnormal program termination. The vulnerability exists in the
| `decomp_get_rddata` function within the `Decompress.c` file. When
| handling a DNS packet with an Answer RR of qtype 16 (TXT record) and
| any qclass, if the `rdlength` is smaller than `rdata`, the result of
| the line `Decompress.c:886` is a negative number `len = rdlength -
| total;`. This value is then passed to the `decomp_append_bytes`
| function without proper validation, causing the program to attempt to
| allocate a massive chunk of memory that is impossible to allocate.
| Consequently, the program exits with an error code of 64, causing a
| Denial of Service. One proposed fix for this vulnerability is to patch
| `Decompress.c:887` by breaking `if(len <= 0)`, which has been
| incorporated in version 3.5.0036 via commit
| bab062bde40b2ae8a91eecd522e84d8b993bab58.

https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58
https://github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-31137
    https://www.cve.org/CVERecord?id=CVE-2023-31137

Please adjust the affected versions in the BTS as needed.
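To make the underflow described in the advisory concrete for maintainers reviewing a backport, here is a constructed, simplified model of walking TXT rdata (a sequence of <length byte><chars> character-strings). It is an added example, not MaraDNS code: the function names `txt_walk_unchecked`, `txt_walk_checked` and `as_alloc_size`, the sample byte arrays and the return conventions are assumptions made for this illustration. The unchecked walker tracks bytes consumed in `total` and computes `len = rdlength - total` the way the advisory describes, so a malformed record whose declared string length overruns `rdlength` drives `len` negative; `as_alloc_size` shows what that negative value looks like once it reaches an allocator that takes a `size_t`. The checked walker rejects the record before `total` can exceed `rdlength`, which is the effect of a bounds check such as the `if(len <= 0)` guard referenced in the fix.

```c
#include <stdint.h>
#include <stddef.h>
#include <limits.h>
#include <stdio.h>

/* Constructed sample rdata (not taken from any real packet).
 * TXT_OK:  two well-formed character-strings, rdlength 6.
 * TXT_BAD: a length byte claiming 9 chars while only 3 follow, rdlength 4. */
const uint8_t TXT_OK[]  = {0x03, 'a', 'b', 'c', 0x01, 'x'};
const uint8_t TXT_BAD[] = {0x09, 'a', 'b', 'c'};

/* Unchecked walker: models the reported flaw.  `total` counts bytes consumed;
 * `len = rdlength - total` is the remaining length, which goes negative when
 * a character-string's length byte overruns rdlength.  Returns the final
 * `len` so the caller can observe the negative value; nothing is allocated.
 * Reads stay within rdlength because the loop condition is checked first. */
int txt_walk_unchecked(const uint8_t *rdata, int rdlength) {
    int total = 0;
    int len = rdlength;
    while (total < rdlength) {
        int slen = rdata[total] + 1;   /* length byte plus its characters */
        total += slen;
        len = rdlength - total;        /* underflows below zero on malformed input */
    }
    return len;
}

/* What a negative int becomes when handed to an allocator expecting size_t:
 * a value far larger than any allocation that could succeed. */
size_t as_alloc_size(int len) {
    return (size_t)len;
}

/* Checked walker: refuse any character-string whose declared length exceeds
 * the rdata bytes still available.  Returns the number of strings parsed,
 * or -1 for malformed rdata, so the caller can drop the record instead of
 * passing a bogus length downstream. */
int txt_walk_checked(const uint8_t *rdata, int rdlength) {
    int total = 0;
    int count = 0;
    while (total < rdlength) {
        int slen = rdata[total] + 1;
        if (slen > rdlength - total) { /* would run past rdlength: malformed */
            return -1;
        }
        total += slen;
        count++;
    }
    return count;
}

int main(void) {
    int bad_len = txt_walk_unchecked(TXT_BAD, (int)sizeof TXT_BAD);
    printf("unchecked len on malformed rdata: %d -> size_t %zu\n",
           bad_len, as_alloc_size(bad_len));
    printf("checked walker on malformed rdata: %d\n",
           txt_walk_checked(TXT_BAD, (int)sizeof TXT_BAD));
    printf("checked walker on well-formed rdata: %d strings\n",
           txt_walk_checked(TXT_OK, (int)sizeof TXT_OK));
    return 0;
}
```

The defensive point is the comparison against the bytes remaining (`rdlength - total`) before `total` is advanced; checking `len` only after the subtraction, as in the fix, also works provided the negative case terminates the walk rather than reaching the allocator.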

