7.5

CVE-2023-50387

Medienbericht
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
FedoraprojectFedora Version39
ThekelleysDnsmasq Version < 2.90
NicKnot Resolver Version < 5.71
PowerdnsRecursor Version >= 4.8.0 < 4.8.6
PowerdnsRecursor Version >= 4.9.0 < 4.9.3
PowerdnsRecursor Version >= 5.0.0 < 5.0.2
IscBind SwEdition- Version >= 9.0.0 <= 9.16.46
IscBind SwEdition- Version >= 9.18.0 <= 9.18.22
IscBind SwEdition- Version >= 9.19.0 <= 9.19.20
NlnetlabsUnbound Version < 1.19.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 100% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
http://www.openwall.com/lists/oss-security/2024/02/16/2
Mailing List
http://www.openwall.com/lists/oss-security/2024/02/16/3
Mailing List
https://access.redhat.com/security/cve/CVE-2023-50387
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1219823
Issue Tracking
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
Third Party Advisory
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
Patch
https://kb.isc.org/docs/cve-2023-50387
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
Third Party Advisory
Mailing List
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
Patch
Vendor Advisory
https://news.ycombinator.com/item?id=39367411
Third Party Advisory
https://news.ycombinator.com/item?id=39372384
Issue Tracking
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0007/
https://www.athene-center.de/aktuelles/key-trap
Third Party Advisory
https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
Third Party Advisory
Technical Description
https://www.isc.org/blogs/2024-bind-security-release/
Third Party Advisory
https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
Third Party Advisory
Press/Media Coverage
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/