Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-31137

Опубликовано: 09 мая 2023
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination.

The vulnerability exists in the decomp_get_rddata function within the Decompress.c file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the rdlength is smaller than rdata, the result of the line Decompress.c:886 is a negative number len = rdlength - total;. This value is then passed to the decomp_append_bytes function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service.

One proposed fix for this vulnerability is to patch Decompress.c:887 by breaking if(len <= 0), which ha

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*
Версия до 3.4.10 (исключая)
cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*
Версия от 3.5.0001 (включая) до 3.5.0036 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.01169
Низкий

7.5 High

CVSS3

Дефекты

CWE-191

Связанные уязвимости

ubuntu логотип

CVE-2023-31137

CVSS3: 7.5
ubuntu
больше 2 лет назад

MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination. The vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength - total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service. One proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which h...

debian логотип

CVE-2023-31137

CVSS3: 7.5
debian
больше 2 лет назад

MaraDNS is open-source software that implements the Domain Name System ...

fstec логотип

BDU:2024-02667

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость функции decomp_get_rddata в файле Decompress.c программного обеспечения реализации системы доменных имен MaraDNS, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании»

EPSS

Процентиль: 78%
0.01169
Низкий

7.5 High

CVSS3

Дефекты

CWE-191