THREATINT


PUBLISHED

CVE-2023-50868

Reserved: 2023-12-14
Published: 2024-02-14
Updated: 2024-06-10

Description

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

References

https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html

https://www.isc.org/blogs/2024-bind-security-release/

https://datatracker.ietf.org/doc/html/rfc5155

https://kb.isc.org/docs/cve-2023-50868

https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html

https://access.redhat.com/security/cve/CVE-2023-50868

https://bugzilla.suse.com/show_bug.cgi?id=1219826

http://www.openwall.com/lists/oss-security/2024/02/16/2 ([oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities) mailing-list

http://www.openwall.com/lists/oss-security/2024/02/16/3 ([oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities) mailing-list

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ (FEDORA-2024-2e26eccfcb) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ (FEDORA-2024-e24211eff0) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ (FEDORA-2024-21310568fa) vendor-advisory

https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html ([debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update) mailing-list

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ (FEDORA-2024-b0f9656a76) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ (FEDORA-2024-4e36df9dfd) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ (FEDORA-2024-499b9be35f) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ (FEDORA-2024-c36c448396) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/ (FEDORA-2024-c967c7d287) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/ (FEDORA-2024-e00eceb11c) vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ (FEDORA-2024-fae88b73eb) vendor-advisory

https://security.netapp.com/advisory/ntap-20240307-0008/

https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html ([debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update) mailing-list

cve.org CVE-2023-50868

nvd.nist.gov CVE-2023-50868
