7.5
CVE-2023-28456
- EPSS 0.52%
- Veröffentlicht 18.09.2024 15:15:14
- Zuletzt bearbeitet 22.04.2025 14:19:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Technitium ≫ Dnsserver Version <= 11.0.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.4 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-406 Insufficient Control of Network Message Volume (Network Amplification)
The product does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the product to transmit more traffic than should be allowed for that actor.
https://technitium.com/dns/
https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3