CVE-2023-50868
HIGH7.5EPSS 12.4%發布日:2024/2/14修改日:2025/12/24
也稱為:ALPINE-CVE-2023-50868
描述
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
受影響套件(10)
- Alpine/bindfrom 0, < 9.16.48-r0
- Alpine/dnsmasqfrom 0, < 2.90-r0
- Alpine/unboundfrom 0, < 1.19.1-r0
- Debian/bind9from 0, < 1:9.16.48-1
- Debian/dnsjavafrom 0
- Debian/dnsmasqfrom 0, < 2.85-1+deb11u1
- Debian/knot-resolverfrom 0
- Debian/pdns-recursorfrom 0
- Debian/systemdfrom 0, < 247.3-7+deb11u6
- Debian/unboundfrom 0, < 1.13.1-1+deb11u2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |