The vulnerability is caused by an insufficient check on
the length of a decompressed domain name within a DNS
packet.
An attacker can craft a malicious DNS packet containing a
highly compressed domain name. When the resolv library
parses such a packet, the name decompression process
consumes a large amount of CPU resources, as the library
does not limit the resulting length of the name.
This resource consumption can cause the application thread
to become unresponsive, resulting in a Denial of Service
condition.