CVE-2023-50868

HIGH

ISC BIND - Denial of Service via NSEC3 Closest Encloser Proof

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-50868. PoCs published by Goethe-Universitat-Cybersecurity.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2023-50868, an NSEC3 Encloser Attack affecting DNSSEC implementations. It includes tools to generate malicious DNS zonefiles and a Docker-based test environment to reproduce the attack against NSD and Unbound resolvers.

Description

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

Exploits (1)

nomisec WORKING POC 6 stars
by Goethe-Universitat-Cybersecurity · poc
https://github.com/Goethe-Universitat-Cybersecurity/NSEC3-Encloser-Attack

This repository provides a functional proof-of-concept for CVE-2023-50868, an NSEC3 Encloser Attack affecting DNSSEC implementations. It includes tools to generate malicious DNS zonefiles and a Docker-based test environment to reproduce the attack against NSD and Unbound resolvers.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: DNSSEC implementations (e.g., NSD, Unbound)
No auth needed
Prerequisites: Python3 with cryptography and dnspython libraries · Docker for test environment setup
mistral-large-3 · analyzed Feb 19, 2026 Full analysis →

References (29)

Core 29
Core References
Exploit, Mitigation, Press/Media Coverage
https://www.isc.org/blogs/2024-bind-security-release/
Issue Tracking, Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2024/02/16/2
Issue Tracking, Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2024/02/16/3
Vendor Advisory, Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
Vendor Advisory, Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html

Scores

CVSS v3 7.5
EPSS 0.8173
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (16)
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 38
fedoraproject/fedora 39
isc/bind 9.0.0 - 9.16.48
isc/bind 9.18.11 - 9.18.24
isc/bind 9.9.3 - 9.16.48
netapp/active_iq_unified_manager
netapp/bootstrap_os
netapp/hci_baseboard_management_controller
... and 6 more
Published Feb 14, 2024
Tracked Since Feb 18, 2026