{"vulnerability": "ghsa-mxwc-wh95-pw4g", "sightings": [{"uuid": "591bf4c5-aa69-4e96-bc59-cd66a036b179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-MXWC-WH95-PW4G", "type": "seen", "source": "https://gist.github.com/alon710/f9b0746c1419f68b39813326daf32fa7", "content": "# GHSA-MXWC-WH95-PW4G: GHSA-MXWC-WH95-PW4G: Denial of Service via Uncontrolled Recursion in Trapster DNS Parser\n\n&gt; **CVSS Score:** 5.3\n&gt; **Published:** 2026-07-08\n&gt; **Full Report:** https://cvereports.com/reports/GHSA-MXWC-WH95-PW4G\n\n## Summary\nThe trapster honeypot package is vulnerable to a remote denial of service (DoS) vulnerability due to uncontrolled recursion during the parsing of malformed DNS compression pointers in the decode_labels function.\n\n## TL;DR\nUnauthenticated malformed DNS compression pointers trigger uncontrolled recursion in the packet decoder, crashing the per-packet handler.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-674\n- **Attack Vector**: Network (UDP)\n- **CVSS v3.1**: 5.3 (Medium)\n- **Exploit Status**: Proof-of-Concept Available\n- **Impact**: Denial of Service (DoS)\n\n## Affected Systems\n\n- trapster honeypot daemon\n- **trapster**: &lt;= 1.2.0\n\n## Mitigation\n\n- Refactor DNS label parsing from a recursive model to an iterative model with decreasing offset tracking.\n- Introduce exception handling in the network protocol entry point to prevent parser exceptions from crashing the asyncio event loop.\n\n**Remediation Steps:**\n1. Locate the decode_labels function in trapster/libs/dns.py.\n2. Replace the recursive logic with a loop that tracks the maximum allowable pointer offset to prevent circular lookups.\n3. Update trapster/modules/dns.py to wrap decode_dns_message in a try-except block capturing ValueError and struct.error.\n\n## References\n\n- [GitHub Security Advisory GHSA-MXWC-WH95-PW4G](https://github.com/advisories/GHSA-MXWC-WH95-PW4G)\n- [Target Project Repository](https://github.com/0xBallpoint/trapster-community)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-MXWC-WH95-PW4G) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-08T21:12:14.933821Z"}]}