Vulnerability Description
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trust-Dns-Server Project | Trust-Dns-Server | >= 0.16.0, < 0.18.1 |
Related Weaknesses (CWE)
References
- https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b249805
- https://rustsec.org/advisories/RUSTSEC-2020-0001.htmlExploitThird Party Advisory
- https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b249805
- https://rustsec.org/advisories/RUSTSEC-2020-0001.htmlExploitThird Party Advisory
FAQ
What is CVE-2020-35857?
CVE-2020-35857 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.
How severe is CVE-2020-35857?
CVE-2020-35857 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35857?
Check the references section above for vendor advisories and patch information. Affected products include: Trust-Dns-Server Project Trust-Dns-Server.