7

CVE-2023-29483

Exploit

EPSS 4.86%
Veröffentlicht 11.04.2024 14:15:12
Zuletzt bearbeitet 17.06.2025 20:50:56
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eventlet ≫ Eventlet Version < 0.35.2

Dnspython ≫ Dnspython Version < 2.6.0

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Fedoraproject ≫ Fedora Version40

Netapp ≫ Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.86%	0.891

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-292 DEPRECATED: Trusting Self-reported DNS Name

This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.

https://github.com/eventlet/eventlet/issues/913

Exploit

Issue Tracking

https://github.com/eventlet/eventlet/releases/tag/v0.35.2

Release Notes

https://github.com/rthalley/dnspython/issues/1045

Exploit

Issue Tracking

https://github.com/rthalley/dnspython/releases/tag/v2.6.0

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/

Mailing List

https://security.netapp.com/advisory/ntap-20240510-0001/

Third Party Advisory

https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713

Third Party Advisory

https://www.dnspython.org/

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-29483

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29483

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29483

EUVD