Aardvark-DNS Denial-of-Service Vulnerability via Malformed TCP DNS Queries

Vulnerability

A denial-of-service vulnerability has been identified in Aardvark-DNS versions 1.16.0 through 1.17.0. When the server receives a truncated TCP DNS query followed by a connection reset, Aardvark-DNS enters an infinite error loop that consumes 100% CPU, which can significantly disrupt service.

Impact

Exploitation of this vulnerability causes Aardvark-DNS to enter an infinite loop, resulting in 100% CPU usage, which can disrupt normal operations and service availability.

Reproduction

The vulnerability can be reproduced by sending a truncated TCP DNS query to the Aardvark-DNS server, followed by a connection reset. The sequence can be automated with a script or a networking utility such as 'socat' that sends the malformed DNS packet and then resets the connection.

Remediation

Users can upgrade to Aardvark-DNS version 1.17.1, which addresses this vulnerability by improving the handling of incorrect TCP packets. The updated version can be downloaded from the Aardvark-DNS GitHub Releases page.
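
The advisory does not include the patch. The following added example (not Aardvark-DNS code) sketches, in Rust, a per-connection read loop that treats a truncated message or a reset as a terminal state instead of retrying the read. It assumes the standard 2-byte length framing for DNS over TCP; Frame, ResetAfter, read_dns_frame and serve_connection are hypothetical names, and the input bytes are constructed.

```rust
use std::io::{self, ErrorKind, Read};

/// Result of reading one length-prefixed DNS-over-TCP message (RFC 1035, section 4.2.2).
#[derive(Debug, PartialEq)]
pub enum Frame {
    Message(Vec<u8>), // complete query
    Closed,           // peer closed cleanly between messages
    Aborted,          // truncated message, reset, or other fatal read error
}

/// Constructed test stream: yields its bytes, then fails every read with ConnectionReset.
pub struct ResetAfter<'a>(pub &'a [u8]);
impl Read for ResetAfter<'_> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        if self.0.is_empty() { return Err(ErrorKind::ConnectionReset.into()); }
        self.0.read(buf) // &[u8] implements Read and advances past what it returns
    }
}

/// Read one framed message (hypothetical helper); every failure maps to a terminal state.
pub fn read_dns_frame<R: Read>(stream: &mut R) -> Frame {
    let (mut len, mut got) = ([0u8; 2], 0);
    while got < 2 {
        match stream.read(&mut len[got..]) {
            Ok(0) => return if got == 0 { Frame::Closed } else { Frame::Aborted },
            Ok(n) => got += n,
            Err(e) if e.kind() == ErrorKind::Interrupted => continue,
            Err(_) => return Frame::Aborted,
        }
    }
    let mut msg = vec![0u8; u16::from_be_bytes(len) as usize];
    if stream.read_exact(&mut msg).is_err() { return Frame::Aborted; } // EOF or reset mid-message
    Frame::Message(msg)
}

/// Per-connection loop: returns (queries handled, why the loop ended).
pub fn serve_connection<R: Read>(stream: &mut R) -> (usize, Frame) {
    let mut handled = 0;
    loop {
        match read_dns_frame(stream) {
            Frame::Message(_query) => handled += 1, // a real server would answer here
            end => return (handled, end), // never retry a read on a dead stream
        }
    }
}

fn main() {
    let mut s = ResetAfter(&[0x00, 0x20, 0xAB, 0xCD]); // constructed: 32 bytes announced, 2 sent
    println!("{:?}", serve_connection(&mut s)); // (0, Aborted)
}
```

The only error the loop retries is Interrupted; every other read failure ends the connection, so a stream that keeps returning errors cannot keep the loop spinning.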

Added: Apr 7, 2026, 11:27 PM
Updated: Apr 7, 2026, 11:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 5.9
remediation: 7.7
relevance: 5.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.