exploitDog

CVE-2023-50387

Published: 14 Feb 2024
Source: nvd
CVSS3: 7.5
EPSS: Medium

Description

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Configuration 4
cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*
Versions before 2.90 (exclusive)
Configuration 5
cpe:2.3:a:nic:knot_resolver:*:*:*:*:*:*:*:*
Versions before 5.71 (exclusive)
Configuration 6

One of

cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
Versions from 4.8.0 (inclusive) to 4.8.6 (exclusive)
cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
Versions from 4.9.0 (inclusive) to 4.9.3 (exclusive)
cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
Versions from 5.0.0 (inclusive) to 5.0.2 (exclusive)
Configuration 7

One of

cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Versions from 9.0.0 (inclusive) to 9.16.46 (inclusive)
cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Versions from 9.18.0 (inclusive) to 9.18.22 (inclusive)
cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Versions from 9.19.0 (inclusive) to 9.19.20 (inclusive)
Configuration 8
cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*
Versions before 1.19.1 (exclusive)

EPSS

Percentile: 97%
0.39615
Medium

7.5 High

CVSS3

Weaknesses

CWE-770

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 1 year ago

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

CVSS3: 7.5
redhat
more than 1 year ago

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

msrc
more than 1 year ago

MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers

CVSS3: 7.5
debian
more than 1 year ago

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ...

CVSS3: 7.5
github
more than 1 year ago

Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
