CVE-2023-50868
CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/security/cve/CVE-2023-50868https://bugzilla.suse.com/show_bug.cgi?id=1219826https://datatracker.ietf.org/doc/html/rfc5155https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.htmlhttps://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1https://kb.isc.org/docs/cve-2023-50868https://lists.debian.org/debian-lts-announce/2024/02/msg00006.htmlhttps://lists.debian.org/debian-lts-announce/2024/05/msg00011.htmlhttps://lists.debian.org/debian-lts-announce/2024/09/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2024/11/msg00035.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/