Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 924455 (CVE-2023-50387, CVE-2023-50868) - [Tracker] "KeyTrap" DNS DoS vulnerability
Summary: [Tracker] "KeyTrap" DNS DoS vulnerability
Status: CONFIRMED
Alias: CVE-2023-50387, CVE-2023-50868
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords: Tracker
Depends on: 924442 CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516 924448 924457 924459
Blocks:
  Show dependency tree
 
Reported: 2024-02-14 07:13 UTC by Hans de Graaff
Modified: 2024-02-20 00:18 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hans de Graaff gentoo-dev Security 2024-02-14 07:13:26 UTC
CVE-2023-50387

Description:

The processing of responses coming from specially crafted DNSSEC-signed zones can cause CPU exhaustion on a DNSSEC-validating resolver.

Impact:

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.


CVE-2023-50868

Description:

The processing of responses coming from DNSSEC-signed zones using NSEC3 can cause CPU exhaustion on a DNSSEC-validating resolver.

Impact:

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.