7

CVE-2023-29483

Exploit
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EventletEventlet Version < 0.35.2
DnspythonDnspython Version < 2.6.0
FedoraprojectFedora Version38
FedoraprojectFedora Version39
FedoraprojectFedora Version40
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.86% 0.764
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7 2.2 4.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE-292 DEPRECATED: Trusting Self-reported DNS Name

This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.

https://github.com/eventlet/eventlet/issues/913
Exploit
Issue Tracking
https://github.com/eventlet/eventlet/releases/tag/v0.35.2
Release Notes
https://github.com/rthalley/dnspython/issues/1045
Exploit
Issue Tracking
https://github.com/rthalley/dnspython/releases/tag/v2.6.0
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/
Mailing List
https://security.netapp.com/advisory/ntap-20240510-0001/
Third Party Advisory
https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713
Third Party Advisory
https://www.dnspython.org/
Product
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/