CVE-2023-50387

CVE-2023-50387

Name

CVE-2023-50387

Description

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://datatracker.ietf.org/doc/html/rfc4035
cve@mitre.org	https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
cve@mitre.org	https://kb.isc.org/docs/cve-2023-50387
cve@mitre.org	https://news.ycombinator.com/item?id=39367411
cve@mitre.org	https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
cve@mitre.org	https://www.athene-center.de/aktuelles/key-trap
cve@mitre.org	https://www.isc.org/blogs/2024-bind-security-release/
cve@mitre.org	https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
cve@mitre.org	https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
cve@mitre.org	https://news.ycombinator.com/item?id=39372384
cve@mitre.org	https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
cve@mitre.org	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
cve@mitre.org	https://access.redhat.com/security/cve/CVE-2023-50387
cve@mitre.org	https://bugzilla.suse.com/show_bug.cgi?id=1219823
cve@mitre.org	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
cve@mitre.org	https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
cve@mitre.org	http://www.openwall.com/lists/oss-security/2024/02/16/2
cve@mitre.org	http://www.openwall.com/lists/oss-security/2024/02/16/3
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
cve@mitre.org	https://security.netapp.com/advisory/ntap-20240307-0007/
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html

Type

URI

cve@mitre.org

https://datatracker.ietf.org/doc/html/rfc4035

cve@mitre.org

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html

cve@mitre.org

https://kb.isc.org/docs/cve-2023-50387

cve@mitre.org

https://news.ycombinator.com/item?id=39367411

cve@mitre.org

https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

cve@mitre.org

https://www.athene-center.de/aktuelles/key-trap

cve@mitre.org

https://www.isc.org/blogs/2024-bind-security-release/

cve@mitre.org

https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/

cve@mitre.org

https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/

cve@mitre.org

https://news.ycombinator.com/item?id=39372384

cve@mitre.org

https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1

cve@mitre.org

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html

cve@mitre.org

https://access.redhat.com/security/cve/CVE-2023-50387

cve@mitre.org

https://bugzilla.suse.com/show_bug.cgi?id=1219823

cve@mitre.org

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387

cve@mitre.org

https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf

cve@mitre.org

http://www.openwall.com/lists/oss-security/2024/02/16/2

cve@mitre.org

http://www.openwall.com/lists/oss-security/2024/02/16/3

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/

cve@mitre.org

https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

cve@mitre.org

https://security.netapp.com/advisory/ntap-20240307-0007/

cve@mitre.org

https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*`	enterprise_linux	== None	== 6.0
`cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*`	enterprise_linux	== None	== 7.0
`cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*`	enterprise_linux	== None	== 8.0
`cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*`	enterprise_linux	== None	== 9.0

CPE URI

Source package

Min version

Max version

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

enterprise_linux

== None

== 6.0

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

enterprise_linux

== None

== 7.0

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

enterprise_linux

== None

== 8.0

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

enterprise_linux

== None

== 9.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
bind	3.16-main	9.16.48-r0	None	fixed
dnsmasq	3.18-main	2.90-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
knot-resolver	3.19-community	5.7.1-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
dnsmasq	3.17-main	2.90-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

bind

3.16-main

9.16.48-r0

None

fixed

dnsmasq

3.18-main