OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e043405eabe373c766e80e5a7301d98babfd1f7e
advisory-db/crates/trust-dns-proto/RUSTSEC-2018-0007.toml
Tony Arcieri 487ffe4728 Fix "date:" field on RUSTSEC-2018-0007 
It appears it was mistakenly filed as being in 2017
2018-10-14 09:53:19 -07:00

22 lines
821 B
TOML
Raw Blame History

[advisory]
id = "RUSTSEC-2018-0007"
package = "trust-dns-proto"
date = "2018-10-09"
title = "Stack overflow when parsing malicious DNS packet"
description = """
There's a stack overflow leading to a crash when Trust-DNS's parses a
malicious DNS packet.
Affected versions of this crate did not properly handle parsing of DNS message
compression (RFC1035 section 4.1.4). The parser could be tricked into infinite
loop when a compression offset pointed back to the same domain name to be
parsed.
This allows an attacker to craft a malicious DNS packet which when consumed
with Trust-DNS could cause stack overflow and crash the affected software.
The flaw was corrected by trust-dns-proto 0.4.3 and upcoming 0.5.0 release.
"""
patched_versions = [">= 0.4.3", ">= 0.5.0-alpha.3" ]
keywords = [ "stack-overflow", "crash" ]
Reference in New Issue View Git Blame Copy Permalink