mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
As announced in #228, this commit migrates all advisories to the new V2 format, which splits version information into a separate section, and now has a structure which corresponds to the internal code structure of the `rustsec` crate. This is a breaking change for users of `cargo-audit` < 0.9, and anyone who has written a 3rd party advisory format parser.
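# RustSec advisory for a denial-of-service crash in trust-dns-server.
# Only zones that configure a null target ('.') for MX or SRV records
# can trigger it; see the description below.
[advisory]
id = "RUSTSEC-2020-0001"
package = "trust-dns-server"
date = "2020-01-06"
title = "Stack overflow when resolving additional records from MX or SRV null targets"
description = """
There's a stack overflow leading to a crash and potential DoS when processing
additional records for return of MX or SRV record types from the server.

This is only possible when a zone is configured with a null target for MX or SRV records, i.e. '.'.

Example affected zone record:
```text
no-service 86400 IN MX 0 .
```

Prior to 0.16.0 the additional record processing was not supported by trust-dns-server. There
are no known issues with upgrading from 0.16 or 0.17 to 0.18.1. The remedy should be to upgrade to
0.18.1. If unable to do so, MX, SRV or other record types with a target to the null type, should be avoided.
"""
url = "https://github.com/bluejekyll/trust-dns/issues/980"
categories = ["denial-of-service"]
keywords = ["stack-overflow", "crash"]

# Version requirements are kept in their own section, separate from [advisory].
# Taken together, the two ranges below leave 0.16.0 up to (but not including)
# 0.18.1 as the releases this advisory flags.
[versions]
# First release containing the fix.
patched = [">= 0.18.1"]
# Releases before additional-record processing was added to the server.
unaffected = ["< 0.16.0"]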