CVE-2023-29483
- Source
- https://cve.org/CVERecord?id=CVE-2023-29483
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29483.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-29483
- Aliases
- Downstream
- Related
- Published
- 2024-04-11T14:15:12.010Z
- Modified
- 2026-02-19T08:33:16.689984Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator
- Summary
- [none]
- Details
-
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
- References
-
- https://www.dnspython.org/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/
- https://github.com/eventlet/eventlet/releases/tag/v0.35.2
- https://github.com/rthalley/dnspython/releases/tag/v2.6.0
- https://security.netapp.com/advisory/ntap-20240510-0001/
- https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713
- https://github.com/eventlet/eventlet/issues/913
- https://github.com/rthalley/dnspython/issues/1045
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/
- https://github.com/eventlet/eventlet/issues/913
- https://github.com/rthalley/dnspython/issues/1045
Affected packages
Git / gitlab.com/wireshark/wireshark
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/wireshark/wireshark
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
backups/ethereal@18706
ethereal-0-3-15
start
ethereal-0.*
ethereal-0.3.15
v1.*
v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.1-rc1
v1.11.2
v1.11.2-rc1
v1.11.3
v1.11.3-rc1
v1.11.4-rc1
v1.99.0
v1.99.0-rc1
v1.99.1
v1.99.10rc0
v1.99.1rc0
v1.99.2
v1.99.2rc0
v1.99.3
v1.99.3rc0
v1.99.4
v1.99.4rc0
v1.99.5
v1.99.5rc0
v1.99.6
v1.99.6rc0
v1.99.7
v1.99.7rc0
v1.99.8
v1.99.8rc0
v1.99.9
v1.99.9rc0
v2.*
v2.1.0
v2.1.0rc0
v2.1.1
v2.1.1rc0
v2.1.2rc0
v2.3.0rc0
v2.5.0
v2.5.0rc0
v2.5.1
v2.5.1rc0
v2.5.2rc0
v2.6.0rc0
wireshark-1.*
wireshark-1.11.3
wireshark-1.99.0
wireshark-1.99.1
wireshark-1.99.2
wireshark-1.99.3
wireshark-1.99.4
wireshark-1.99.5
wireshark-1.99.6
wireshark-1.99.7
wireshark-1.99.8
wireshark-1.99.9
wireshark-2.*
wireshark-2.1.0
wireshark-2.1.1
wireshark-2.5.0