CVE-2020-35857

Name of the Vulnerable Software and Affected Versions trust-dns-server versions prior to 0.18.1

Description An issue was discovered in the trust-dns-server crate, where DNS MX and SRV null targets are mishandled, causing stack consumption. This can lead to a stack overflow, resulting in a crash and potential denial of service (DOS) when processing additional records for return of MX or SRV record types from the server. The issue is only possible when a zone is configured with a null target for MX or SRV records.

Recommendations To resolve the issue, upgrade to version 0.18.1. If unable to do so, avoid using MX, SRV, or other record types with a target to the null type to minimize the risk of exploitation.