7

CVE-2023-29483

Exploit

EPSS 4.86%
Published 11.04.2024 14:15:12
Last modified 17.06.2025 20:50:56
Source cve@mitre.org
Teams watchlist Login
Open Login

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Eventlet ≫ Eventlet Version < 0.35.2

Dnspython ≫ Dnspython Version < 2.6.0

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Fedoraproject ≫ Fedora Version40

Netapp ≫ Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.86%	0.891

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-292 DEPRECATED: Trusting Self-reported DNS Name

This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.

https://github.com/eventlet/eventlet/issues/913

Exploit

Issue Tracking

https://github.com/eventlet/eventlet/releases/tag/v0.35.2

Release Notes

https://github.com/rthalley/dnspython/issues/1045

Exploit

Issue Tracking

https://github.com/rthalley/dnspython/releases/tag/v2.6.0

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/

Mailing List

https://security.netapp.com/advisory/ntap-20240510-0001/

Third Party Advisory

https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713

Third Party Advisory

https://www.dnspython.org/

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-29483

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29483

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29483

EUVD