CVE-2023-50868

Updated: 2024-03-06 19:48:45.724108

Description:

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU bind 9.16.23 7.5 HIGH Released CLSA-2024:1709547568 2024-03-04 08:42:16
CentOS 6 ELS bind 9.8.2 7.5 HIGH Released CLSA-2024:1710437162 2024-03-25 09:51:17
CentOS 7 ELS bind 9.11.4 7.5 HIGH Released CLSA-2024:1709550046 2024-03-15 14:09:27
CentOS 8.4 ELS bind 9.11.26 7.5 HIGH Released CLSA-2024:1709550262 2024-03-04 08:42:17
CentOS 8.5 ELS bind 9.11.26 7.5 HIGH Released CLSA-2024:1709561259 2024-03-04 10:08:50
CloudLinux 6 ELS bind 9.8.2 7.5 HIGH Released CLSA-2024:1710439896 2024-03-25 09:51:18
Oracle Linux 6 ELS bind 9.8.2 7.5 HIGH Released CLSA-2024:1710437080 2024-03-14 14:09:18
Ubuntu 16.04 ELS bind9 9.10.3 7.5 HIGH Released CLSA-2024:1709562163 2024-03-04 10:08:45
Ubuntu 18.04 ELS bind9 9.11.3 7.5 HIGH Released CLSA-2024:1709562964 2024-03-04 10:08:43