Vulnerability-Lookup

CVE-2020-35857 (GCVE-0-2020-35857)

Vulnerability from cvelistv5 – Published: 2020-12-31 00:00 – Updated: 2024-08-04 17:16

Summary

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://rustsec.org/advisories/RUSTSEC-2020-0001.html
	https://github.com/bluejekyll/trust-dns/commit/8b…

Show details on NVD website

JSON

To clipboard Create KEV Entry

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:12.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-07T21:48:16.374521",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html"
        },
        {
          "url": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35857",
    "datePublished": "2020-12-31T00:00:00",
    "dateReserved": "2020-12-31T00:00:00",
    "dateUpdated": "2024-08-04T17:16:12.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-35857\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-12-31T10:15:14.770\",\"lastModified\":\"2024-11-21T05:28:19.650\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en la crate trust-dns-server versiones anteriores a 0.18.1 para Rust.\u0026#xa0;Unos objetivos null de DNS MX y SRV son manejados inapropiadamente, causando un consumo de la pila.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trust-dns-server_project:trust-dns-server:*:*:*:*:*:rust:*:*\",\"versionStartIncluding\":\"0.16.0\",\"versionEndExcluding\":\"0.18.1\",\"matchCriteriaId\":\"B42C3D3E-43FE-41B6-8433-CEB4027A3C8C\"}]}]}],\"references\":[{\"url\":\"https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rustsec.org/advisories/RUSTSEC-2020-0001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rustsec.org/advisories/RUSTSEC-2020-0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2020-35857

Vulnerability from fkie_nvd - Published: 2020-12-31 10:15 - Updated: 2024-11-21 05:28

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.

References

URL	Tags
cve@mitre.org	https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3
cve@mitre.org	https://rustsec.org/advisories/RUSTSEC-2020-0001.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3
af854a3a-2127-422b-91ae-364da2661108	https://rustsec.org/advisories/RUSTSEC-2020-0001.html	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	trust-dns-server_project	trust-dns-server	*

JSON

To clipboard Create KEV Entry

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trust-dns-server_project:trust-dns-server:*:*:*:*:*:rust:*:*",
              "matchCriteriaId": "B42C3D3E-43FE-41B6-8433-CEB4027A3C8C",
              "versionEndExcluding": "0.18.1",
              "versionStartIncluding": "0.16.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la crate trust-dns-server versiones anteriores a 0.18.1 para Rust.\u0026#xa0;Unos objetivos null de DNS MX y SRV son manejados inapropiadamente, causando un consumo de la pila."
    }
  ],
  "id": "CVE-2020-35857",
  "lastModified": "2024-11-21T05:28:19.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-31T10:15:14.770",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-35857

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.

Aliases

CVE-2020-35857

Aliases

CVE-2020-35857

JSON

To clipboard Create KEV Entry

{
  "GSD": {
    "alias": "CVE-2020-35857",
    "description": "An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.",
    "id": "GSD-2020-35857"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-35857"
      ],
      "details": "An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.",
      "id": "GSD-2020-35857",
      "modified": "2023-12-13T01:22:00.951853Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-35857",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html",
            "refsource": "MISC",
            "url": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html"
          },
          {
            "name": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3",
            "refsource": "MISC",
            "url": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trust-dns-server_project:trust-dns-server:*:*:*:*:*:rust:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.18.1",
                "versionStartIncluding": "0.16.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35857"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html"
            },
            {
              "name": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3",
              "refsource": "",
              "tags": [],
              "url": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-12-07T22:15Z",
      "publishedDate": "2020-12-31T10:15Z"
    }
  }
}

GHSA-4CWW-F7W5-X525

Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2023-12-08 19:31

Summary

Stack consumption in trust-dns-server

Details

There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records. Prior to 0.16.0 the additional record processing was not supported by trust-dns-server. There Are no known issues with upgrading from 0.16 or 0.17 to 0.18.1. The remidy should be to upgrade to 0.18.1. If unable to do so, MX, SRV or other record types with a target to the null type, should be avoided.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "trust-dns-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.16.0"
            },
            {
              "fixed": "0.18.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:20:03Z",
    "nvd_published_at": "2020-12-31T10:15:14Z",
    "severity": "HIGH"
  },
  "details": "There\u0027s a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records. Prior to 0.16.0 the additional record processing was not supported by trust-dns-server. There Are no known issues with upgrading from 0.16 or 0.17 to 0.18.1. The remidy should be to upgrade to 0.18.1. If unable to do so, MX, SRV or other record types with a target to the null type, should be avoided.",
  "id": "GHSA-4cww-f7w5-x525",
  "modified": "2023-12-08T19:31:23Z",
  "published": "2021-08-25T20:46:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35857"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bluejekyll/trust-dns/issues/980"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bluejekyll/trust-dns/pull/982"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bluejekyll/trust-dns/commit/8b9eab05795fdc098976262853b2498055c7a8f3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bluejekyll/trust-dns"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Stack consumption in trust-dns-server"
}

CNVD-2021-30439

Vulnerability from cnvd - Published: 2021-04-23

Title

Mozilla Rust资源管理错误漏洞（CNVD-2021-30439）

Description

Rust是Mozilla基金会的一款通用、编译型编程语言。 Mozilla Rust 0.18.1之前版本中的trust-dns-server crate存在资源管理错误漏洞，该漏洞源于DNS MX和SRV空目标处理错误，导致堆栈消耗。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Mozilla Rust资源管理错误漏洞（CNVD-2021-30439）的补丁

Patch Description

Rust是Mozilla基金会的一款通用、编译型编程语言。 Mozilla Rust 0.18.1之前版本中的trust-dns-server crate存在资源管理错误漏洞，该漏洞源于DNS MX和SRV空目标处理错误，导致堆栈消耗。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://rustsec.org/advisories/RUSTSEC-2020-0001.html

Reference

https://rustsec.org/advisories/RUSTSEC-2020-0001.html

Impacted products

Name
Mozilla Rust <0.18.1

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-35857",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-35857"
    }
  },
  "description": "Rust\u662fMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u901a\u7528\u3001\u7f16\u8bd1\u578b\u7f16\u7a0b\u8bed\u8a00\u3002\n\nMozilla Rust 0.18.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684trust-dns-server crate\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eDNS MX\u548cSRV\u7a7a\u76ee\u6807\u5904\u7406\u9519\u8bef\uff0c\u5bfc\u81f4\u5806\u6808\u6d88\u8017\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://rustsec.org/advisories/RUSTSEC-2020-0001.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-30439",
  "openTime": "2021-04-23",
  "patchDescription": "Rust\u662fMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u901a\u7528\u3001\u7f16\u8bd1\u578b\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nMozilla Rust 0.18.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684trust-dns-server crate\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eDNS MX\u548cSRV\u7a7a\u76ee\u6807\u5904\u7406\u9519\u8bef\uff0c\u5bfc\u81f4\u5806\u6808\u6d88\u8017\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Rust\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2021-30439\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Mozilla Rust \u003c0.18.1"
  },
  "referenceLink": "https://rustsec.org/advisories/RUSTSEC-2020-0001.html",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-06",
  "title": "Mozilla Rust\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2021-30439\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-35857 (GCVE-0-2020-35857)

FKIE_CVE-2020-35857

GSD-2020-35857

GHSA-4CWW-F7W5-X525

CNVD-2021-30439

Tags

Sightings

Nomenclature