CVE-2023-50387

CVE-2023-50387

Name

CVE-2023-50387

Description

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://datatracker.ietf.org/doc/html/rfc4035
cve@mitre.org	https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
cve@mitre.org	https://kb.isc.org/docs/cve-2023-50387
cve@mitre.org	https://news.ycombinator.com/item?id=39367411
cve@mitre.org	https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
cve@mitre.org	https://www.athene-center.de/aktuelles/key-trap
cve@mitre.org	https://www.isc.org/blogs/2024-bind-security-release/
cve@mitre.org	https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
cve@mitre.org	https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
cve@mitre.org	https://news.ycombinator.com/item?id=39372384
cve@mitre.org	https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
cve@mitre.org	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
cve@mitre.org	https://access.redhat.com/security/cve/CVE-2023-50387
cve@mitre.org	https://bugzilla.suse.com/show_bug.cgi?id=1219823
cve@mitre.org	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
cve@mitre.org	https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
mailing-list	http://www.openwall.com/lists/oss-security/2024/02/16/2
mailing-list	http://www.openwall.com/lists/oss-security/2024/02/16/3
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
mailing-list	https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
cve@mitre.org	https://security.netapp.com/advisory/ntap-20240307-0007/
mailing-list	https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/09/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

Type

URI

cve@mitre.org

https://datatracker.ietf.org/doc/html/rfc4035

cve@mitre.org

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html

cve@mitre.org

https://kb.isc.org/docs/cve-2023-50387

cve@mitre.org

https://news.ycombinator.com/item?id=39367411

cve@mitre.org

https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

cve@mitre.org

https://www.athene-center.de/aktuelles/key-trap

cve@mitre.org

https://www.isc.org/blogs/2024-bind-security-release/

cve@mitre.org

https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/

cve@mitre.org

https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/

cve@mitre.org

https://news.ycombinator.com/item?id=39372384

cve@mitre.org

https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1

cve@mitre.org

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html

cve@mitre.org

https://access.redhat.com/security/cve/CVE-2023-50387

cve@mitre.org

https://bugzilla.suse.com/show_bug.cgi?id=1219823

cve@mitre.org

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387

cve@mitre.org

https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf

mailing-list

http://www.openwall.com/lists/oss-security/2024/02/16/2

mailing-list

http://www.openwall.com/lists/oss-security/2024/02/16/3

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/

mailing-list

https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

cve@mitre.org

https://security.netapp.com/advisory/ntap-20240307-0007/

mailing-list

https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html