CVE-2023-50387

Updated: 2024-03-07 19:25:50.469676

Description:

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU bind 9.16.23 7.5 HIGH Released CLSA-2024:1709547568 2024-03-04 08:42:21
CentOS 6 ELS bind 9.8.2 7.5 HIGH Released CLSA-2024:1710437162 2024-03-25 09:51:19
CentOS 7 ELS bind 9.11.4 7.5 HIGH Released CLSA-2024:1709550046 2024-03-15 14:09:29
CentOS 8.4 ELS bind 9.11.26 7.5 HIGH Released CLSA-2024:1709550262 2024-03-04 08:42:22
CentOS 8.5 ELS bind 9.11.26 7.5 HIGH Released CLSA-2024:1709561259 2024-03-04 10:08:53
CloudLinux 6 ELS bind 9.8.2 7.5 HIGH Released CLSA-2024:1710439896 2024-03-25 09:51:20
Oracle Linux 6 ELS bind 9.8.2 7.5 HIGH Released CLSA-2024:1710437080 2024-03-14 14:09:21
Ubuntu 16.04 ELS bind9 9.10.3 7.5 HIGH Released CLSA-2024:1709562163 2024-03-04 10:08:54
Ubuntu 18.04 ELS bind9 9.11.3 7.5 HIGH Released CLSA-2024:1709562964 2024-03-04 10:08:55