Vulnerability CVE-2023-50868: Information

Description

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-50868
Published: Feb. 14, 2024
Modified: March 7, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
unboundsisyphus1.19.1-alt11.20.0-alt1ALT-PU-2024-2451-1340809Fixed
unboundsisyphus_e2k1.19.1-alt11.20.0-alt1ALT-PU-2024-2533-1-Fixed
unboundsisyphus_riscv641.19.1-alt11.20.0-alt1ALT-PU-2024-3536-1-Fixed
unboundsisyphus_loongarch641.19.1-alt11.20.0-alt1ALT-PU-2024-2503-1-Fixed
unboundp101.19.1-alt11.20.0-alt1ALT-PU-2024-2453-2340810Fixed
unboundp10_e2k1.19.1-alt11.20.0-alt1ALT-PU-2024-2787-1-Fixed
unboundp91.19.1-alt11.20.0-alt1ALT-PU-2024-2605-2340811Fixed
unboundc10f11.19.1-alt11.20.0-alt1ALT-PU-2024-2607-2340813Fixed
unboundc9f21.19.1-alt11.20.0-alt1ALT-PU-2024-2455-2340812Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
    https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
      https://www.isc.org/blogs/2024-bind-security-release/
        https://datatracker.ietf.org/doc/html/rfc5155
          https://kb.isc.org/docs/cve-2023-50868
            https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
              https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
                https://access.redhat.com/security/cve/CVE-2023-50868
                  https://bugzilla.suse.com/show_bug.cgi?id=1219826
                    [oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
                      [oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
                        FEDORA-2024-2e26eccfcb
                          FEDORA-2024-e24211eff0
                            FEDORA-2024-21310568fa
                              [debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update
                                FEDORA-2024-b0f9656a76
                                  FEDORA-2024-4e36df9dfd
                                    FEDORA-2024-499b9be35f
                                      FEDORA-2024-c36c448396
                                        FEDORA-2024-c967c7d287
                                          FEDORA-2024-e00eceb11c
                                            FEDORA-2024-fae88b73eb
                                              https://security.netapp.com/advisory/ntap-20240307-0008/
                                                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                                Version: v24.5.1
                                                Back to top