CVE-2023-50387

描述

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

受影響套件(15)

• Alpine/bindfrom 0, < 9.16.48-r0
• Alpine/dnsmasqfrom 0, < 2.90-r0
• Alpine/unboundfrom 0, < 1.19.1-r0
• Debian/bind9from 0, < 1:9.16.48-1
• Debian/bind9from 0, < 1:9.11.5.P4+dfsg-5.1+deb10u11
• Debian/dnsjavafrom 0
• Debian/dnsmasqfrom 0, < 2.85-1+deb11u1
• Debian/knot-resolverfrom 0
• Debian/pdns-recursorfrom 0, < 4.8.6-1
• Debian/pdns-recursorfrom 0
• Debian/systemdfrom 0, < 247.3-7+deb11u6
• Debian/systemdfrom 0, < 247.3-7+deb11u6
• Debian/unboundfrom 0, < 1.13.1-1+deb11u2
• Debian/unboundfrom 0, < 1.13.1-1+deb11u2
• Debian/unboundfrom 0, < 1.9.0-2+deb10u4

CVSS 分數

參考連結(2)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2023-50387
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-50387