ГлавнаяУязвимости → CVE-2023-50387
7.5высокая

CVE-2023-50387

→ есть в БДУ: BDU:2024-01359 (на русском)
Описание (на английском; русское — в БДУ выше)

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Затрагиваемое ПО
Redhat Enterprise linuxMicrosoft Windows server 2008Microsoft Windows server 2012Microsoft Windows server 2016Microsoft Windows server 2019Microsoft Windows server 2022Microsoft Windows server 2022 23h2Fedoraproject FedoraThekelleys DnsmasqNic Knot resolverPowerdns RecursorIsc BindNlnetlabs Unbound
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
http://www.openwall.com/lists/oss-security/2024/02/16/2http://www.openwall.com/lists/oss-security/2024/02/16/3https://access.redhat.com/security/cve/CVE-2023-50387https://bugzilla.suse.com/show_bug.cgi?id=1219823https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.htmlhttps://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1https://kb.isc.org/docs/cve-2023-50387https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html