ALT-PU-2024-3156-3
Closed vulnerabilities
Published: 2023-03-08
BDU:2023-02265
Уязвимость DNS-сервера Dnsmasq. связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2024-02-13
BDU:2024-01359
Уязвимость компонента DNSSEC реализации протокола DNS сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-03-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-28450
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://capec.mitre.org/data/definitions/495.html
- FEDORA-2023-eeca11a4df
- FEDORA-2023-828bf01834
- https://thekelleys.org.uk/dnsmasq/doc.html
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOG
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
- https://capec.mitre.org/data/definitions/495.html
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOG
- https://thekelleys.org.uk/dnsmasq/doc.html
- FEDORA-2023-828bf01834
- FEDORA-2023-eeca11a4df
Published: 2024-02-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- [oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
- [oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
- [oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
- [oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
- https://access.redhat.com/security/cve/CVE-2023-50387
- https://access.redhat.com/security/cve/CVE-2023-50387
- https://bugzilla.suse.com/show_bug.cgi?id=1219823
- https://bugzilla.suse.com/show_bug.cgi?id=1219823
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
- https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
- https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
- https://kb.isc.org/docs/cve-2023-50387
- https://kb.isc.org/docs/cve-2023-50387
- [debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update
- [debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update
- [debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update
- [debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update
- FEDORA-2024-c967c7d287
- FEDORA-2024-c967c7d287
- FEDORA-2024-e24211eff0
- FEDORA-2024-e24211eff0
- FEDORA-2024-c36c448396
- FEDORA-2024-c36c448396
- FEDORA-2024-e00eceb11c
- FEDORA-2024-e00eceb11c
- FEDORA-2024-21310568fa
- FEDORA-2024-21310568fa
- FEDORA-2024-499b9be35f
- FEDORA-2024-499b9be35f
- FEDORA-2024-2e26eccfcb
- FEDORA-2024-2e26eccfcb
- FEDORA-2024-b0f9656a76
- FEDORA-2024-b0f9656a76
- FEDORA-2024-4e36df9dfd
- FEDORA-2024-4e36df9dfd
- FEDORA-2024-fae88b73eb
- FEDORA-2024-fae88b73eb
- https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
- https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
- https://news.ycombinator.com/item?id=39367411
- https://news.ycombinator.com/item?id=39367411
- https://news.ycombinator.com/item?id=39372384
- https://news.ycombinator.com/item?id=39372384
- https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
- https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
- https://security.netapp.com/advisory/ntap-20240307-0007/
- https://security.netapp.com/advisory/ntap-20240307-0007/
- https://www.athene-center.de/aktuelles/key-trap
- https://www.athene-center.de/aktuelles/key-trap
- https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
- https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
- https://www.isc.org/blogs/2024-bind-security-release/
- https://www.isc.org/blogs/2024-bind-security-release/
- https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
- https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
- https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
- https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/