924455 – (CVE-2023-50387, CVE-2023-50868) [Tracker] "KeyTrap" DNS DoS vulnerability

Bug 924455 (CVE-2023-50387, CVE-2023-50868) - [Tracker] "KeyTrap" DNS DoS vulnerability

Summary: [Tracker] "KeyTrap" DNS DoS vulnerability

Status:	CONFIRMED

Alias:	CVE-2023-50387, CVE-2023-50868

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:	Tracker

Depends on:	924442 CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516 924448 924457 924459
Blocks:
	Show dependency tree

Reported:	2024-02-14 07:13 UTC by Hans de Graaff
Modified:	2024-02-20 00:18 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hans de Graaff gentoo-dev

2024-02-14 07:13:26 UTC

CVE-2023-50387

Description:

The processing of responses coming from specially crafted DNSSEC-signed zones can cause CPU exhaustion on a DNSSEC-validating resolver.

Impact:

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.


CVE-2023-50868

Description:

The processing of responses coming from DNSSEC-signed zones using NSEC3 can cause CPU exhaustion on a DNSSEC-validating resolver.

Impact:

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.