Integer Underflow Affecting maradns package, versions <2.0.13-1.2+deb10u1


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
1.03% (84th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN10-MARADNS-5518059
  • published11 May 2023
  • disclosed9 May 2023

Introduced: 9 May 2023

CVE-2023-31137  (opens in a new tab)
CWE-191  (opens in a new tab)

How to fix?

Upgrade Debian:10 maradns to version 2.0.13-1.2+deb10u1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream maradns package and not the maradns package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination.

The vulnerability exists in the decomp_get_rddata function within the Decompress.c file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the rdlength is smaller than rdata, the result of the line Decompress.c:886 is a negative number len = rdlength - total;. This value is then passed to the decomp_append_bytes function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service.

One proposed fix for this vulnerability is to patch Decompress.c:887 by breaking if(len &lt;= 0), which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58.

CVSS Scores

version 3.1