Vulnerability CVE-2023-50868: Information
Description
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
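The cost described above can be made concrete with the RFC 5155 iterated hash. The following is an added example, not code from this advisory or from unbound: it computes an NSEC3 hash, counts SHA-1 calls under a simplified model in which a validator hashes every candidate name between the query name and the zone apex, and applies an iteration cap. The function names and the `MAX_ITERATIONS` value are assumptions chosen for illustration.

```python
import base64
import hashlib

# NSEC3 owner names use base32hex; translate from the standard base32 alphabet.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercase) DNS wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 iterated hash: H(name || salt), then re-hashed `iterations` times.

    Returns (base32hex digest, number of SHA-1 calls performed).
    """
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    text = base64.b32encode(digest).translate(_B32HEX).decode().lower()
    return text, iterations + 1

def closest_encloser_cost(qname, zone, iterations):
    """SHA-1 calls for one response in the simplified model: every name from
    qname up to the zone apex is hashed once (zone must not be the root)."""
    extra_labels = qname.rstrip(".").count(".") - zone.rstrip(".").count(".")
    return (extra_labels + 1) * (iterations + 1)

# Assumed local policy value, not taken from the advisory: NSEC3 parameters
# above this cap are not validated, which bounds the work per response.
MAX_ITERATIONS = 100

def accept_nsec3_params(iterations, limit=MAX_ITERATIONS):
    """Return True if a validator following the cap should do the hashing."""
    return iterations <= limit

if __name__ == "__main__":
    # Parameters of the RFC 5155 Appendix A example zone (salt aabbccdd, 12 iterations).
    print(nsec3_hash("example", "aabbccdd", 12))
    # Constructed query name, 8 labels below the apex, with a high iteration count.
    print(closest_encloser_cost("a.b.c.d.e.f.g.h.example", "example", 500))
    print(accept_nsec3_params(500))
```

The per-response cost grows with both the label depth of the query name and the zone's iteration count, which is why capping accepted iteration counts bounds the work.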
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
unbound | sisyphus | 1.19.1-alt1 | 1.20.0-alt1 | ALT-PU-2024-2451-1 | 340809 | Fixed |
unbound | sisyphus_e2k | 1.19.1-alt1 | 1.20.0-alt1 | ALT-PU-2024-2533-1 | - | Fixed |
unbound | sisyphus_riscv64 | 1.19.1-alt1 | 1.20.0-alt1 | ALT-PU-2024-3536-1 | - | Fixed |
unbound | sisyphus_loongarch64 | 1.19.1-alt1 | 1.20.0-alt1 | ALT-PU-2024-2503-1 | - | Fixed |
unbound | p10 | 1.19.1-alt1 | 1.20.0-alt1 | ALT-PU-2024-2453-2 | 340810 | Fixed |
unbound | p10_e2k | 1.19.1-alt1 | 1.20.0-alt1 | ALT-PU-2024-2787-1 | - | Fixed |
unbound | p9 | 1.19.1-alt1 | 1.20.0-alt1 | ALT-PU-2024-2605-2 | 340811 | Fixed |
unbound | c10f1 | 1.19.1-alt1 | 1.20.0-alt1 | ALT-PU-2024-2607-2 | 340813 | Fixed |
unbound | c9f2 | 1.19.1-alt1 | 1.20.0-alt1 | ALT-PU-2024-2455-2 | 340812 | Fixed |