RUSTSEC-2023-0041
- Source
- https://rustsec.org/advisories/RUSTSEC-2023-0041
- Import Source
- https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0041.json
- JSON Data
- https://api.osv.dev/v1/vulns/RUSTSEC-2023-0041
- Aliases
- Published
- 2023-06-01T12:00:00Z
- Modified
- 2023-11-08T04:15:42.121988Z
- Summary
- Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets
- Details
-
trust-dns and trust-dns-server are vulnerable to remotely triggered denial-of-service attacks, consuming both network and CPU resources. DNS messages with the QR=1 bit set are responded to with a
FormErrresponse. This allows creating a traffic loop, in which theseFormErrresponses are sent nonstop between vulnerable servers.There are two scenarios how this can be exploited: 1) Create a loop between two instances of trust-dns, consuming network resources, or 2) consuming the CPU of a single instance.
With two instances A and B an attacker sends a DNS query with a spoofed source IP address to A. A replies with a
FormErrto B. Now both servers with ping-pong the message back and forth until by chance the packet is dropped in the network. Multiple spoofed packets can be sent by the attacker, increasing resource consumption.A single server can get locked up replying to itself. Same setup as above, but now A sends the reply to itself. The packet is sent out as fast as the CPU and network stack manage. This locks up a CPU core. Multiple packets from the attacker consume multiple CPU cores.
- Database specific
{ "license": "CC0-1.0" }- References
Affected packages
crates.io / trust-dns-server
Package
- Name
- trust-dns-server
- View open source insights on deps.dev
- Purl
- pkg:cargo/trust-dns-server
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0.0.0-0Fixed0.22.1Introduced0.23.0-0Fixed0.23.0-alpha.3