7

CVE-2023-29483

Exploit

EPSS 8.6%
Veröffentlicht 11.04.2024 14:15:12
Zuletzt bearbeitet 04.11.2025 18:15:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

NVD 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eventlet ≫ Eventlet Version < 0.35.2

Dnspython ≫ Dnspython Version < 2.6.0

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Fedoraproject ≫ Fedora Version40

Netapp ≫ Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.6%	0.925

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-292 DEPRECATED: Trusting Self-reported DNS Name

This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.

https://github.com/eventlet/eventlet/issues/913

Exploit

Issue Tracking

https://github.com/eventlet/eventlet/releases/tag/v0.35.2

Release Notes

https://github.com/rthalley/dnspython/issues/1045

Exploit

Issue Tracking

https://github.com/rthalley/dnspython/releases/tag/v2.6.0

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/

Mailing List

https://security.netapp.com/advisory/ntap-20240510-0001/

Third Party Advisory

https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713

Third Party Advisory

https://www.dnspython.org/

Product

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/

https://nvd.nist.gov/vuln/detail/CVE-2023-29483

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29483

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29483

EUVD