Vulnerability in trust-dns and trust-dns-server (Part 2) #1705

Closed
Contributor

jonasbb commented Jun 3, 2023

Same as #1703 but for trust-dns

An attacker can form packet loops between vulnerable instances leading
to a denial-of-service for both network and CPU resources.
Member

Shnatsel commented Jun 3, 2023

I understand this is about the trust-dns binary, which unconditionally depends on the trust-dns-server crate. Is that correct? If that's the case, a separate advisory should not be needed - cargo audit will inspect the dependency tree and locate the vulnerable trust-dns-server crate.

If you have other use cases, please let me know, but as it stands I think an advisory about trust-dns-server should be sufficient.

Contributor Author

jonasbb commented Jun 3, 2023

Yes, it is about the binary, since it can be used “independent” of the trust-dns-server. But you are right that there is a mandatory dependency between them. If you think the existing advisory is sufficient, then I will close this one.
