Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
07 Mar 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Feb 2024, 16:27
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Feb 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Feb 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Feb 2024, 16:55
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 | |
References | () http://www.openwall.com/lists/oss-security/2024/02/16/2 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2024/02/16/3 - Mailing List | |
References | () https://access.redhat.com/security/cve/CVE-2023-50387 - Third Party Advisory | |
References | () https://bugzilla.suse.com/show_bug.cgi?id=1219823 - Issue Tracking | |
References | () https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html - Third Party Advisory | |
References | () https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 - Patch | |
References | () https://kb.isc.org/docs/cve-2023-50387 - Third Party Advisory, VDB Entry | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ - Mailing List | |
References | () https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html - Mailing List, Third Party Advisory | |
References | () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 - Patch, Vendor Advisory | |
References | () https://news.ycombinator.com/item?id=39367411 - Third Party Advisory | |
References | () https://news.ycombinator.com/item?id=39372384 - Issue Tracking | |
References | () https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ - Vendor Advisory | |
References | () https://www.athene-center.de/aktuelles/key-trap - Third Party Advisory | |
References | () https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf - Technical Description, Third Party Advisory | |
References | () https://www.isc.org/blogs/2024-bind-security-release/ - Third Party Advisory | |
References | () https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ - Press/Media Coverage, Third Party Advisory | |
References | () https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ - Patch, Third Party Advisory | |
CPE | cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:* cpe:2.3:a:nic:knot_resolver:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:* cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* |
|
First Time |
Redhat enterprise Linux
Nlnetlabs unbound Microsoft windows Server 2008 Nic Fedoraproject fedora Thekelleys dnsmasq Fedoraproject Nic knot Resolver Powerdns recursor Thekelleys Microsoft windows Server 2019 Isc Redhat Isc bind Microsoft windows Server 2022 Microsoft windows Server 2016 Powerdns Microsoft windows Server 2022 23h2 Microsoft windows Server 2012 Nlnetlabs Microsoft |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
19 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Feb 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Feb 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Feb 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Feb 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
|
Summary | (en) Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. |
15 Feb 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Feb 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Feb 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Feb 2024, 18:04
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Published : 2024-02-14 16:15
Updated : 2024-03-07 17:15
NVD link : CVE-2023-50387
Mitre link : CVE-2023-50387
CVE.ORG link : CVE-2023-50387
JSON object : View
thekelleys
- dnsmasq
redhat
- enterprise_linux
fedoraproject
- fedora
nic
- knot_resolver
nlnetlabs
- unbound
microsoft
- windows_server_2008
- windows_server_2022
- windows_server_2022_23h2
- windows_server_2012
- windows_server_2016
- windows_server_2019
isc
- bind
powerdns
- recursor
Allocation of Resources Without Limits or Throttling