CVE-2023-50387
published 2024-02-14CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Affected
60 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cz.nic | knot-resolver | >= 0 < 5.6.0-1+deb12u1 | 5.6.0-1+deb12u1 |
| cz.nic | knot-resolver | >= 0 < 5.7.1-1 | 5.7.1-1 |
| cz.nic | knot-resolver | >= 0 < 5.7.1-1 | 5.7.1-1 |
| debian | bind9 | < bind9 1:9.18.24-1 (bookworm) | bind9 1:9.18.24-1 (bookworm) |
| debian | dnsjava | < bind9 1:9.18.24-1 (bookworm) | bind9 1:9.18.24-1 (bookworm) |
| debian | dnsmasq | < bind9 1:9.18.24-1 (bookworm) | bind9 1:9.18.24-1 (bookworm) |
| debian | knot-resolver | < bind9 1:9.18.24-1 (bookworm) | bind9 1:9.18.24-1 (bookworm) |
| debian | pdns-recursor | < bind9 1:9.18.24-1 (bookworm) | bind9 1:9.18.24-1 (bookworm) |
| debian | systemd | < bind9 1:9.18.24-1 (bookworm) | bind9 1:9.18.24-1 (bookworm) |
| debian | unbound | < bind9 1:9.18.24-1 (bookworm) | bind9 1:9.18.24-1 (bookworm) |
| fedoraproject | fedora | — | — |
| isc | bind | 9.0.0 – 9.16.46 | — |
| isc | bind | 9.18.0 – 9.18.22 | — |
| isc | bind | 9.19.0 – 9.19.20 | — |
| isc | bind9 | >= 0 < 1:9.16.48-1 | 1:9.16.48-1 |
| isc | bind9 | >= 0 < 1:9.18.24-1 | 1:9.18.24-1 |
| isc | bind9 | >= 0 < 1:9.19.21-1 | 1:9.19.21-1 |
| isc | bind9 | >= 0 < 1:9.19.21-1 | 1:9.19.21-1 |
| isc | bind9 | >= 0 < 1:9.16.48-0ubuntu0.20.04.1 | 1:9.16.48-0ubuntu0.20.04.1 |
| isc | bind9 | >= 0 < 1:9.18.18-0ubuntu0.22.04.2 | 1:9.18.18-0ubuntu0.22.04.2 |
| isc | bind9 | >= 0 < 1:9.9.5.dfsg-3ubuntu0.19+esm12 | 1:9.9.5.dfsg-3ubuntu0.19+esm12 |
| isc | bind9 | >= 0 < 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 | 1:9.10.3.dfsg.P4-8ubuntu1.19+esm8 |
| isc | bind9 | >= 0 < 1:9.11.3+dfsg-1ubuntu1.19+esm3 | 1:9.11.3+dfsg-1ubuntu1.19+esm3 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH