We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | mitre |
Reserved | 2023-12-14 |
Published | 2024-02-14 |
Updated | 2024-08-02 |
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
https://www.isc.org/blogs/2024-bind-security-release/
https://datatracker.ietf.org/doc/html/rfc5155
https://kb.isc.org/docs/cve-2023-50868
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
https://access.redhat.com/security/cve/CVE-2023-50868
https://bugzilla.suse.com/show_bug.cgi?id=1219826
http://www.openwall.com/lists/oss-security/2024/02/16/2 ([oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities)
http://www.openwall.com/lists/oss-security/2024/02/16/3 ([oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ (FEDORA-2024-2e26eccfcb)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ (FEDORA-2024-e24211eff0)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ (FEDORA-2024-21310568fa)
https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html ([debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ (FEDORA-2024-b0f9656a76)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ (FEDORA-2024-4e36df9dfd)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ (FEDORA-2024-499b9be35f)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ (FEDORA-2024-c36c448396)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/ (FEDORA-2024-c967c7d287)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/ (FEDORA-2024-e00eceb11c)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ (FEDORA-2024-fae88b73eb)
https://security.netapp.com/advisory/ntap-20240307-0008/
https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html ([debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update)