CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-31137

MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination. The vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength - total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service. One proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.2%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2023-31137

Maradns » Maradns » Version: N/A

cpe:2.3:a:maradns:maradns:-
Maradns » Maradns » Version: 1.3.07.10

cpe:2.3:a:maradns:maradns:1.3.07.10
Maradns » Maradns » Version: 1.3.07.12

cpe:2.3:a:maradns:maradns:1.3.07.12
Maradns » Maradns » Version: 1.3.07.13

cpe:2.3:a:maradns:maradns:1.3.07.13
Maradns » Maradns » Version: 1.3.07.14

cpe:2.3:a:maradns:maradns:1.3.07.14
Maradns » Maradns » Version: 1.3.07.15

cpe:2.3:a:maradns:maradns:1.3.07.15
Maradns » Maradns » Version: 1.3.13

cpe:2.3:a:maradns:maradns:1.3.13
Maradns » Maradns » Version: 1.3.14

cpe:2.3:a:maradns:maradns:1.3.14
Maradns » Maradns » Version: 1.4.0

cpe:2.3:a:maradns:maradns:1.4.0
Maradns » Maradns » Version: 1.4.01

cpe:2.3:a:maradns:maradns:1.4.01
Maradns » Maradns » Version: 1.4.02

cpe:2.3:a:maradns:maradns:1.4.02
Maradns » Maradns » Version: 1.4.03

cpe:2.3:a:maradns:maradns:1.4.03
Maradns » Maradns » Version: 1.4.04

cpe:2.3:a:maradns:maradns:1.4.04
Maradns » Maradns » Version: 1.4.05

cpe:2.3:a:maradns:maradns:1.4.05
Maradns » Maradns » Version: 1.4.06

cpe:2.3:a:maradns:maradns:1.4.06
Maradns » Maradns » Version: 1.4.07

cpe:2.3:a:maradns:maradns:1.4.07
Maradns » Maradns » Version: 1.4.08

cpe:2.3:a:maradns:maradns:1.4.08
Maradns » Maradns » Version: 1.4.09

cpe:2.3:a:maradns:maradns:1.4.09
Maradns » Maradns » Version: 1.4.10

cpe:2.3:a:maradns:maradns:1.4.10
Maradns » Maradns » Version: 1.4.11

cpe:2.3:a:maradns:maradns:1.4.11
Maradns » Maradns » Version: 1.4.12

cpe:2.3:a:maradns:maradns:1.4.12
Maradns » Maradns » Version: 1.4.13

cpe:2.3:a:maradns:maradns:1.4.13
Maradns » Maradns » Version: 1.4.15

cpe:2.3:a:maradns:maradns:1.4.15
Maradns » Maradns » Version: 1.4.16

cpe:2.3:a:maradns:maradns:1.4.16
Maradns » Maradns » Version: 2.0.01

cpe:2.3:a:maradns:maradns:2.0.01
Maradns » Maradns » Version: 2.0.02

cpe:2.3:a:maradns:maradns:2.0.02
Maradns » Maradns » Version: 2.0.03

cpe:2.3:a:maradns:maradns:2.0.03
Maradns » Maradns » Version: 2.0.04

cpe:2.3:a:maradns:maradns:2.0.04
Maradns » Maradns » Version: 2.0.05

cpe:2.3:a:maradns:maradns:2.0.05
Maradns » Maradns » Version: 2.0.06

cpe:2.3:a:maradns:maradns:2.0.06
Maradns » Maradns » Version: 2.0.07

cpe:2.3:a:maradns:maradns:2.0.07
Maradns » Maradns » Version: 2.0.07b

cpe:2.3:a:maradns:maradns:2.0.07b
Maradns » Maradns » Version: 2.0.07c

cpe:2.3:a:maradns:maradns:2.0.07c
Maradns » Maradns » Version: 2.0.07d

cpe:2.3:a:maradns:maradns:2.0.07d
Maradns » Maradns » Version: 2.0.08

cpe:2.3:a:maradns:maradns:2.0.08
Maradns » Maradns » Version: 2.0.09

cpe:2.3:a:maradns:maradns:2.0.09
Maradns » Maradns » Version: 2.0.10

cpe:2.3:a:maradns:maradns:2.0.10
Maradns » Maradns » Version: 2.0.11

cpe:2.3:a:maradns:maradns:2.0.11
Maradns » Maradns » Version: 2.0.12

cpe:2.3:a:maradns:maradns:2.0.12
Maradns » Maradns » Version: 2.0.13

cpe:2.3:a:maradns:maradns:2.0.13
Maradns » Maradns » Version: 2.0.14

cpe:2.3:a:maradns:maradns:2.0.14
Maradns » Maradns » Version: 2.0.15

cpe:2.3:a:maradns:maradns:2.0.15
Maradns » Maradns » Version: 2.0.16

cpe:2.3:a:maradns:maradns:2.0.16
Maradns » Maradns » Version: 2.0.17

cpe:2.3:a:maradns:maradns:2.0.17
Maradns » Maradns » Version: 3.2.06

cpe:2.3:a:maradns:maradns:3.2.06
Maradns » Maradns » Version: 3.2.07

cpe:2.3:a:maradns:maradns:3.2.07
Maradns » Maradns » Version: 3.2.08

cpe:2.3:a:maradns:maradns:3.2.08
Maradns » Maradns » Version: 3.2.09

cpe:2.3:a:maradns:maradns:3.2.09
Maradns » Maradns » Version: 3.2.10

cpe:2.3:a:maradns:maradns:3.2.10
Maradns » Maradns » Version: 3.2.11

cpe:2.3:a:maradns:maradns:3.2.11
Maradns » Maradns » Version: 3.2.12

cpe:2.3:a:maradns:maradns:3.2.12
Maradns » Maradns » Version: 3.2.14

cpe:2.3:a:maradns:maradns:3.2.14
Maradns » Maradns » Version: 3.3.03

cpe:2.3:a:maradns:maradns:3.3.03
Maradns » Maradns » Version: 3.4.01

cpe:2.3:a:maradns:maradns:3.4.01
Maradns » Maradns » Version: 3.4.03

cpe:2.3:a:maradns:maradns:3.4.03
Maradns » Maradns » Version: 3.4.04

cpe:2.3:a:maradns:maradns:3.4.04
Maradns » Maradns » Version: 3.4.05

cpe:2.3:a:maradns:maradns:3.4.05
Maradns » Maradns » Version: 3.4.07

cpe:2.3:a:maradns:maradns:3.4.07
Maradns » Maradns » Version: 3.4.09

cpe:2.3:a:maradns:maradns:3.4.09
Maradns » Maradns » Version: 3.5.0001

cpe:2.3:a:maradns:maradns:3.5.0001
Maradns » Maradns » Version: 3.5.0002

cpe:2.3:a:maradns:maradns:3.5.0002
Maradns » Maradns » Version: 3.5.0003

cpe:2.3:a:maradns:maradns:3.5.0003
Maradns » Maradns » Version: 3.5.0004

cpe:2.3:a:maradns:maradns:3.5.0004
Maradns » Maradns » Version: 3.5.0005

cpe:2.3:a:maradns:maradns:3.5.0005
Maradns » Maradns » Version: 3.5.0006

cpe:2.3:a:maradns:maradns:3.5.0006
Maradns » Maradns » Version: 3.5.0007

cpe:2.3:a:maradns:maradns:3.5.0007
Maradns » Maradns » Version: 3.5.0008

cpe:2.3:a:maradns:maradns:3.5.0008
Maradns » Maradns » Version: 3.5.0009

cpe:2.3:a:maradns:maradns:3.5.0009
Maradns » Maradns » Version: 3.5.0010

cpe:2.3:a:maradns:maradns:3.5.0010
Maradns » Maradns » Version: 3.5.0011

cpe:2.3:a:maradns:maradns:3.5.0011
Maradns » Maradns » Version: 3.5.0012

cpe:2.3:a:maradns:maradns:3.5.0012
Maradns » Maradns » Version: 3.5.0013

cpe:2.3:a:maradns:maradns:3.5.0013
Maradns » Maradns » Version: 3.5.0014

cpe:2.3:a:maradns:maradns:3.5.0014
Maradns » Maradns » Version: 3.5.0015

cpe:2.3:a:maradns:maradns:3.5.0015
Maradns » Maradns » Version: 3.5.0016

cpe:2.3:a:maradns:maradns:3.5.0016
Maradns » Maradns » Version: 3.5.0017

cpe:2.3:a:maradns:maradns:3.5.0017
Maradns » Maradns » Version: 3.5.0018

cpe:2.3:a:maradns:maradns:3.5.0018
Maradns » Maradns » Version: 3.5.0019

cpe:2.3:a:maradns:maradns:3.5.0019
Maradns » Maradns » Version: 3.5.0020

cpe:2.3:a:maradns:maradns:3.5.0020
Maradns » Maradns » Version: 3.5.0021

cpe:2.3:a:maradns:maradns:3.5.0021
Maradns » Maradns » Version: 3.5.0022

cpe:2.3:a:maradns:maradns:3.5.0022
Maradns » Maradns » Version: 3.5.0023

cpe:2.3:a:maradns:maradns:3.5.0023
Maradns » Maradns » Version: 3.5.0024

cpe:2.3:a:maradns:maradns:3.5.0024
Maradns » Maradns » Version: 3.5.0025

cpe:2.3:a:maradns:maradns:3.5.0025
Maradns » Maradns » Version: 3.5.0026

cpe:2.3:a:maradns:maradns:3.5.0026
Maradns » Maradns » Version: 3.5.0027

cpe:2.3:a:maradns:maradns:3.5.0027
Maradns » Maradns » Version: 3.5.0028

cpe:2.3:a:maradns:maradns:3.5.0028
Maradns » Maradns » Version: 3.5.0029

cpe:2.3:a:maradns:maradns:3.5.0029
Maradns » Maradns » Version: 3.5.0030

cpe:2.3:a:maradns:maradns:3.5.0030
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Debian » Debian Linux » Version: 11.0

cpe:2.3:o:debian:debian_linux:11.0
Fedoraproject » Fedora » Version: 37

cpe:2.3:o:fedoraproject:fedora:37
Fedoraproject » Fedora » Version: 38

cpe:2.3:o:fedoraproject:fedora:38

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-31137

Products

Pricing

Contact Us