CVE-2023-50868
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-50868
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50868.json
- Related
-
- ALSA-2024:0965
- ALSA-2024:0977
- ALSA-2024:1334
- ALSA-2024:1335
- ALSA-2024:1781
- ALSA-2024:1782
- ALSA-2024:1789
- ALSA-2024:2551
- DLA-3736-1
- DSA-5620-1
- DSA-5621-1
- DSA-5626-1
- DSA-5633-1
- RLSA-2024:1335
- RLSA-2024:1781
- RLSA-2024:1782
- RLSA-2024:2551
- USN-6633-1
- USN-6642-1
- USN-6657-1
- USN-6657-2
- USN-6665-1
- USN-6723-1
- Published
- 2024-02-14T16:15:45Z
- Modified
- 2024-03-08T21:23:01.280085Z
- Summary
- [none]
- Details
-
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
- References
-
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
- https://security.netapp.com/advisory/ntap-20240307-0008/
- https://www.isc.org/blogs/2024-bind-security-release/
- https://bugzilla.suse.com/show_bug.cgi?id=1219826
- http://www.openwall.com/lists/oss-security/2024/02/16/2
- http://www.openwall.com/lists/oss-security/2024/02/16/3
- https://access.redhat.com/security/cve/CVE-2023-50868
- https://datatracker.ietf.org/doc/html/rfc5155
- https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
- https://kb.isc.org/docs/cve-2023-50868
- https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
- https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
- https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Affected packages
Alpine:v3.16 / bind
Package
- Name
- bind
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed9.16.48-r0
Affected versions
9.*
9.6.0_p1-r0
9.6.0_p1-r1
9.6.1_p1-r0
9.6.1_p1-r1
9.6.1_p2-r1
9.6.1_p3-r1
9.7.0_p1-r1
9.7.1-r1
9.7.1_p2-r1
9.7.2-r1
9.7.2_p1-r1
9.7.2_p2-r1
9.7.2_p3-r1
9.7.3-r1
9.8.0-r1
9.8.0_p1-r1
9.8.0_p2-r1
9.8.0_p4-r1
9.8.1-r1
9.8.1_p1-r1
9.9.0-r1
9.9.1-r1
9.9.1_p1-r1
9.9.1_p2-r1
9.9.1_p3-r1
9.9.2-r1
9.9.2_p1-r1
9.9.2_p2-r1
9.9.3-r1
9.9.3_p1-r1
9.9.3_p2-r1
9.9.4-r1
9.9.4_p1-r1
9.9.4_p2-r1
9.9.5-r1
9.10.0-r1
9.10.0_p1-r1
9.10.0_p2-r1
9.10.1-r1
9.10.1_p1-r1
9.10.1_p2-r1
9.10.2-r1
9.10.2_p1-r1
9.10.2_p2-r1
9.10.2_p3-r1
9.10.2_p4-r1
9.10.3-r1
9.10.3_p2-r1
9.10.3_p3-r1
9.10.3_p4-r1
9.10.4-r1
9.10.4_p1-r1
9.10.4_p2-r1
9.10.4_p3-r1
9.10.4_p4-r1
9.10.4_p5-r1
9.11.0_p2-r1
9.11.0_p3-r1
9.11.0_p5-r1
9.11.1-r1
9.11.1_p1-r1
9.11.1_p2-r1
9.11.2-r1
9.11.2_p1-r1
9.12.0-r1
9.12.1_p2-r1
9.12.2_p1-r1
9.12.3-r1
9.12.3_p1-r1
9.12.3_p4-r1
9.14.0-r1
9.14.1-r1
9.14.4-r1
9.14.7-r1
9.14.8-r1
9.14.12-r1
9.16.5-r1
9.16.6-r1
9.16.7-r1
9.16.8-r1
9.16.10-r1
9.16.11-r1
9.16.15-r1
9.16.16-r1
9.16.17-r1
9.16.18-r1
9.16.19-r1
9.16.20-r1
9.16.22-r1
9.16.24-r1
9.16.25-r1
9.16.27-r1
9.16.28-r1
9.16.29-r1
9.16.33-r1
9.16.36-r1
9.16.37-r1
9.16.39-r1
9.16.42-r1
9.16.44-r1
Alpine:v3.17 / bind
Package
- Name
- bind
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed9.18.24-r0
Affected versions
9.*
9.6.0_p1-r0
9.6.0_p1-r1
9.6.1_p1-r0
9.6.1_p1-r1
9.6.1_p2-r1
9.6.1_p3-r1
9.7.0_p1-r1
9.7.1-r1
9.7.1_p2-r1
9.7.2-r1
9.7.2_p1-r1
9.7.2_p2-r1
9.7.2_p3-r1
9.7.3-r1
9.8.0-r1
9.8.0_p1-r1
9.8.0_p2-r1
9.8.0_p4-r1
9.8.1-r1
9.8.1_p1-r1
9.9.0-r1
9.9.1-r1
9.9.1_p1-r1
9.9.1_p2-r1
9.9.1_p3-r1
9.9.2-r1
9.9.2_p1-r1
9.9.2_p2-r1
9.9.3-r1
9.9.3_p1-r1
9.9.3_p2-r1
9.9.4-r1
9.9.4_p1-r1
9.9.4_p2-r1
9.9.5-r1
9.10.0-r1
9.10.0_p1-r1
9.10.0_p2-r1
9.10.1-r1
9.10.1_p1-r1
9.10.1_p2-r1
9.10.2-r1
9.10.2_p1-r1
9.10.2_p2-r1
9.10.2_p3-r1
9.10.2_p4-r1
9.10.3-r1
9.10.3_p2-r1
9.10.3_p3-r1
9.10.3_p4-r1
9.10.4-r1
9.10.4_p1-r1
9.10.4_p2-r1
9.10.4_p3-r1
9.10.4_p4-r1
9.10.4_p5-r1
9.11.0_p2-r1
9.11.0_p3-r1
9.11.0_p5-r1
9.11.1-r1
9.11.1_p1-r1
9.11.1_p2-r1
9.11.2-r1
9.11.2_p1-r1
9.12.0-r1
9.12.1_p2-r1
9.12.2_p1-r1
9.12.3-r1
9.12.3_p1-r1
9.12.3_p4-r1
9.14.0-r1
9.14.1-r1
9.14.4-r1
9.14.7-r1
9.14.8-r1
9.14.12-r1
9.16.5-r1
9.16.6-r1
9.16.7-r1
9.16.8-r1
9.16.10-r1
9.16.11-r1
9.16.15-r1
9.16.16-r1
9.16.17-r1
9.16.18-r1
9.16.19-r1
9.16.20-r1
9.16.22-r1
9.16.24-r1
9.16.25-r1
9.16.27-r1
9.16.28-r1
9.16.29-r1
9.18.3-r1
9.18.4-r1
9.18.5-r1
9.18.7-r1
9.18.8-r1
9.18.9-r1
9.18.10-r1
9.18.11-r1
9.18.13-r1
9.18.16-r1
9.18.19-r1
Alpine:v3.17 / dnsmasq
Package
- Name
- dnsmasq
Alpine:v3.17 / unbound
Package
- Name
- unbound
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed1.19.1-r0
Affected versions
1.*
1.4.10-r0
1.4.10-r1
1.4.10-r2
1.4.10-r3
1.4.13-r0
1.4.13-r1
1.4.13-r2
1.4.13-r3
1.4.14-r0
1.4.15-r0
1.4.16-r0
1.4.17-r0
1.4.18-r0
1.4.19-r0
1.4.19-r1
1.4.19-r2
1.4.20-r0
1.4.20-r1
1.4.20-r2
1.4.21-r0
1.4.21-r1
1.4.21-r2
1.4.22-r0
1.4.22-r1
1.5.1-r0
1.5.2-r0
1.5.2-r1
1.5.3-r0
1.5.4-r0
1.5.6-r0
1.5.6-r1
1.5.6-r2
1.5.6-r3
1.5.6-r4
1.5.7-r0
1.5.7-r1
1.5.8-r0
1.5.8-r1
1.5.9-r0
1.5.9-r1
1.5.10-r0
1.5.10-r1
1.5.10-r2
1.6.0-r0
1.6.0-r1
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.6.7-r1
1.6.7-r2
1.6.8-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.7.1-r0
1.7.3-r0
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.3-r0
1.9.0-r0
1.9.1-r0
1.9.1-r1
1.9.1-r2
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.4-r0
1.9.4-r1
1.9.5-r0
1.9.5-r1
1.9.5-r2
1.9.5-r3
1.9.6-r0
1.10.0-r0
1.10.1-r0
1.10.1-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.13.0-r2
1.13.0-r3
1.13.1-r0
1.13.1-r1
1.13.1-r2
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14.0-r0
1.14.0-r1
1.15.0-r0
1.16.0-r0
1.16.0-r1
1.16.1-r0
1.16.2-r0
1.16.2-r1
1.16.3-r1
1.17.0-r1
1.17.1-r1
Alpine:v3.18 / bind
Package
- Name
- bind
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed9.18.24-r0
Affected versions
9.*
9.6.0_p1-r0
9.6.0_p1-r1
9.6.1_p1-r0
9.6.1_p1-r1
9.6.1_p2-r1
9.6.1_p3-r1
9.7.0_p1-r1
9.7.1-r1
9.7.1_p2-r1
9.7.2-r1
9.7.2_p1-r1
9.7.2_p2-r1
9.7.2_p3-r1
9.7.3-r1
9.8.0-r1
9.8.0_p1-r1
9.8.0_p2-r1
9.8.0_p4-r1
9.8.1-r1
9.8.1_p1-r1
9.9.0-r1
9.9.1-r1
9.9.1_p1-r1
9.9.1_p2-r1
9.9.1_p3-r1
9.9.2-r1
9.9.2_p1-r1
9.9.2_p2-r1
9.9.3-r1
9.9.3_p1-r1
9.9.3_p2-r1
9.9.4-r1
9.9.4_p1-r1
9.9.4_p2-r1
9.9.5-r1
9.10.0-r1
9.10.0_p1-r1
9.10.0_p2-r1
9.10.1-r1
9.10.1_p1-r1
9.10.1_p2-r1
9.10.2-r1
9.10.2_p1-r1
9.10.2_p2-r1
9.10.2_p3-r1
9.10.2_p4-r1
9.10.3-r1
9.10.3_p2-r1
9.10.3_p3-r1
9.10.3_p4-r1
9.10.4-r1
9.10.4_p1-r1
9.10.4_p2-r1
9.10.4_p3-r1
9.10.4_p4-r1
9.10.4_p5-r1
9.11.0_p2-r1
9.11.0_p3-r1
9.11.0_p5-r1
9.11.1-r1
9.11.1_p1-r1
9.11.1_p2-r1
9.11.2-r1
9.11.2_p1-r1
9.12.0-r1
9.12.1_p2-r1
9.12.2_p1-r1
9.12.3-r1
9.12.3_p1-r1
9.12.3_p4-r1
9.14.0-r1
9.14.1-r1
9.14.4-r1
9.14.7-r1
9.14.8-r1
9.14.12-r1
9.16.5-r1
9.16.6-r1
9.16.7-r1
9.16.8-r1
9.16.10-r1
9.16.11-r1
9.16.15-r1
9.16.16-r1
9.16.17-r1
9.16.18-r1
9.16.19-r1
9.16.20-r1
9.16.22-r1
9.16.24-r1
9.16.25-r1
9.16.27-r1
9.16.28-r1
9.16.29-r1
9.18.3-r1
9.18.4-r1
9.18.5-r1
9.18.7-r1
9.18.8-r1
9.18.9-r1
9.18.10-r1
9.18.11-r1
9.18.13-r1
9.18.14-r1
9.18.16-r1
9.18.19-r1
Alpine:v3.18 / dnsmasq
Package
- Name
- dnsmasq
Alpine:v3.18 / unbound
Package
- Name
- unbound
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed1.19.1-r0
Affected versions
1.*
1.4.10-r0
1.4.10-r1
1.4.10-r2
1.4.10-r3
1.4.13-r0
1.4.13-r1
1.4.13-r2
1.4.13-r3
1.4.14-r0
1.4.15-r0
1.4.16-r0
1.4.17-r0
1.4.18-r0
1.4.19-r0
1.4.19-r1
1.4.19-r2
1.4.20-r0
1.4.20-r1
1.4.20-r2
1.4.21-r0
1.4.21-r1
1.4.21-r2
1.4.22-r0
1.4.22-r1
1.5.1-r0
1.5.2-r0
1.5.2-r1
1.5.3-r0
1.5.4-r0
1.5.6-r0
1.5.6-r1
1.5.6-r2
1.5.6-r3
1.5.6-r4
1.5.7-r0
1.5.7-r1
1.5.8-r0
1.5.8-r1
1.5.9-r0
1.5.9-r1
1.5.10-r0
1.5.10-r1
1.5.10-r2
1.6.0-r0
1.6.0-r1
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.6.7-r1
1.6.7-r2
1.6.8-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.7.1-r0
1.7.3-r0
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.3-r0
1.9.0-r0
1.9.1-r0
1.9.1-r1
1.9.1-r2
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.4-r0
1.9.4-r1
1.9.5-r0
1.9.5-r1
1.9.5-r2
1.9.5-r3
1.9.6-r0
1.10.0-r0
1.10.1-r0
1.10.1-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.13.0-r2
1.13.0-r3
1.13.1-r0
1.13.1-r1
1.13.1-r2
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14.0-r0
1.14.0-r1
1.15.0-r0
1.16.0-r0
1.16.0-r1
1.16.1-r0
1.16.2-r0
1.16.2-r1
1.16.3-r0
1.17.0-r0
1.17.0-r1
1.17.1-r0
1.17.1-r1
Alpine:v3.19 / bind
Package
- Name
- bind
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed9.18.24-r0
Affected versions
9.*
9.6.0_p1-r0
9.6.0_p1-r1
9.6.1_p1-r0
9.6.1_p1-r1
9.6.1_p2-r1
9.6.1_p3-r1
9.7.0_p1-r1
9.7.1-r1
9.7.1_p2-r1
9.7.2-r1
9.7.2_p1-r1
9.7.2_p2-r1
9.7.2_p3-r1
9.7.3-r1
9.8.0-r1
9.8.0_p1-r1
9.8.0_p2-r1
9.8.0_p4-r1
9.8.1-r1
9.8.1_p1-r1
9.9.0-r1
9.9.1-r1
9.9.1_p1-r1
9.9.1_p2-r1
9.9.1_p3-r1
9.9.2-r1
9.9.2_p1-r1
9.9.2_p2-r1
9.9.3-r1
9.9.3_p1-r1
9.9.3_p2-r1
9.9.4-r1
9.9.4_p1-r1
9.9.4_p2-r1
9.9.5-r1
9.10.0-r1
9.10.0_p1-r1
9.10.0_p2-r1
9.10.1-r1
9.10.1_p1-r1
9.10.1_p2-r1
9.10.2-r1
9.10.2_p1-r1
9.10.2_p2-r1
9.10.2_p3-r1
9.10.2_p4-r1
9.10.3-r1
9.10.3_p2-r1
9.10.3_p3-r1
9.10.3_p4-r1
9.10.4-r1
9.10.4_p1-r1
9.10.4_p2-r1
9.10.4_p3-r1
9.10.4_p4-r1
9.10.4_p5-r1
9.11.0_p2-r1
9.11.0_p3-r1
9.11.0_p5-r1
9.11.1-r1
9.11.1_p1-r1
9.11.1_p2-r1
9.11.2-r1
9.11.2_p1-r1
9.12.0-r1
9.12.1_p2-r1
9.12.2_p1-r1
9.12.3-r1
9.12.3_p1-r1
9.12.3_p4-r1
9.14.0-r1
9.14.1-r1
9.14.4-r1
9.14.7-r1
9.14.8-r1
9.14.12-r1
9.16.5-r1
9.16.6-r1
9.16.7-r1
9.16.8-r1
9.16.10-r1
9.16.11-r1
9.16.15-r1
9.16.16-r1
9.16.17-r1
9.16.18-r1
9.16.19-r1
9.16.20-r1
9.16.22-r1
9.16.24-r1
9.16.25-r1
9.16.27-r1
9.16.28-r1
9.16.29-r1
9.18.3-r1
9.18.4-r1
9.18.5-r1
9.18.7-r1
9.18.8-r1
9.18.9-r1
9.18.10-r1
9.18.11-r1
9.18.13-r1
9.18.14-r1
9.18.16-r1
9.18.17-r1
9.18.18-r1
9.18.19-r1
Alpine:v3.19 / dnsmasq
Package
- Name
- dnsmasq
Alpine:v3.19 / unbound
Package
- Name
- unbound
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed1.19.1-r0
Affected versions
1.*
1.4.10-r0
1.4.10-r1
1.4.10-r2
1.4.10-r3
1.4.13-r0
1.4.13-r1
1.4.13-r2
1.4.13-r3
1.4.14-r0
1.4.15-r0
1.4.16-r0
1.4.17-r0
1.4.18-r0
1.4.19-r0
1.4.19-r1
1.4.19-r2
1.4.20-r0
1.4.20-r1
1.4.20-r2
1.4.21-r0
1.4.21-r1
1.4.21-r2
1.4.22-r0
1.4.22-r1
1.5.1-r0
1.5.2-r0
1.5.2-r1
1.5.3-r0
1.5.4-r0
1.5.6-r0
1.5.6-r1
1.5.6-r2
1.5.6-r3
1.5.6-r4
1.5.7-r0
1.5.7-r1
1.5.8-r0
1.5.8-r1
1.5.9-r0
1.5.9-r1
1.5.10-r0
1.5.10-r1
1.5.10-r2
1.6.0-r0
1.6.0-r1
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.6.7-r1
1.6.7-r2
1.6.8-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.7.1-r0
1.7.3-r0
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.3-r0
1.9.0-r0
1.9.1-r0
1.9.1-r1
1.9.1-r2
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.4-r0
1.9.4-r1
1.9.5-r0
1.9.5-r1
1.9.5-r2
1.9.5-r3
1.9.6-r0
1.10.0-r0
1.10.1-r0
1.10.1-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.13.0-r2
1.13.0-r3
1.13.1-r0
1.13.1-r1
1.13.1-r2
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14.0-r0
1.14.0-r1
1.15.0-r0
1.16.0-r0
1.16.0-r1
1.16.1-r0
1.16.2-r0
1.16.2-r1
1.16.3-r0
1.17.0-r0
1.17.0-r1
1.17.1-r0
1.17.1-r1
1.17.1-r2
1.17.1-r3
1.17.1-r4
1.18.0-r4
1.19.0-r4