CVE-2023-50387
HIGH
Redhat Enterprise Linux < 2.90 - Resource Allocation Without Limits
Title source: ruleDescription
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Exploits (3)
References (36)
Core References
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-50387
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1219823
Third Party Advisory
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
Third Party Advisory, VDB Entry
https://kb.isc.org/docs/cve-2023-50387
Mailing List, Third Party Advisory
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
Patch, Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
Third Party Advisory
https://news.ycombinator.com/item?id=39367411
Issue Tracking
https://news.ycombinator.com/item?id=39372384
Vendor Advisory
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Third Party Advisory
https://www.athene-center.de/aktuelles/key-trap
Technical Description, Third Party Advisory
https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
Third Party Advisory
https://www.isc.org/blogs/2024-bind-security-release/
Press/Media Coverage, Third Party Advisory
https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
Patch, Third Party Advisory
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2024/02/16/2
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0007/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2024/02/16/3
Mailing List vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
Mailing List vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
Mailing List vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html
Scores
CVSS v3
7.5
EPSS
0.5199
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (17)
fedoraproject/fedora
39
isc/bind
9.0.0 - 9.16.46
microsoft/windows_server_2008
r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012
r2
microsoft/windows_server_2016
microsoft/windows_server_2019
microsoft/windows_server_2022
microsoft/windows_server_2022_23h2
nic/knot_resolver
< 5.71
... and 7 more
Published
Feb 14, 2024
Tracked Since
Feb 18, 2026