CVE-2023-50387

Updated: 2024-11-30 04:24:44.501603

Description:

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU dhcp 4.4.2 7.5 HIGH Not Vulnerable 2024-10-11 10:45:33
AlmaLinux 9.2 ESU bind 9.16.23 7.5 HIGH Released CLSA-2024:1709547568 2024-03-04 08:42:21
CentOS 6 ELS bind 9.8.2 7.5 HIGH Released CLSA-2024:1710437162 2024-03-25 09:51:19
CentOS 6 ELS dhcp 4.1.1 7.5 HIGH Not Vulnerable 2024-10-11 10:45:33
CentOS 7 ELS bind 9.11.4 7.5 HIGH Released CLSA-2024:1709550046 2024-03-15 14:09:29
CentOS 7 ELS dnsmasq 2.76 7.5 HIGH Not Vulnerable 2024-09-06 17:31:30
CentOS 7 ELS unbound 1.6.6 7.5 HIGH Released CLSA-2024:1722529717 2024-08-15 03:45:32
CentOS 7 ELS dhcp 4.2.5 7.5 HIGH Not Vulnerable 2024-10-09 14:26:49
CentOS 8.4 ELS bind 9.11.26 7.5 HIGH Released CLSA-2024:1709550262 2024-03-04 08:42:22
CentOS 8.4 ELS dhcp 4.3.6-44 7.5 HIGH Not Vulnerable 2024-10-11 10:45:33
Total: 24