MITRE:CVE-2023-50387 DNS RRSIG 和 DNSKEY 验证可能被滥用以远程消耗 DNS 服务器资源

CVE编号

CVE-2023-50387

利用情况

暂无

补丁情况

N/A

披露时间

2024-02-13
漏洞描述
暂无
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
http://www.openwall.com/lists/oss-security/2024/02/16/2
http://www.openwall.com/lists/oss-security/2024/02/16/3
https://access.redhat.com/security/cve/CVE-2023-50387
https://bugzilla.suse.com/show_bug.cgi?id=1219823
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
https://kb.isc.org/docs/cve-2023-50387
https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
https://news.ycombinator.com/item?id=39367411
https://news.ycombinator.com/item?id=39372384
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
https://security.netapp.com/advisory/ntap-20240307-0007/
https://www.athene-center.de/aktuelles/key-trap
https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
https://www.isc.org/blogs/2024-bind-security-release/
https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-...
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 isc bind * From
(including)
9.0.0 		Up to
(including)
9.16.46
运行在以下环境
应用 isc bind * From
(including)
9.18.0 		Up to
(including)
9.18.22
运行在以下环境
应用 isc bind * From
(including)
9.19.0 		Up to
(including)
9.19.20
运行在以下环境
应用 nic knot_resolver * Up to
(excluding)
5.71
运行在以下环境
应用 nlnetlabs unbound * Up to
(excluding)
1.19.1
运行在以下环境
应用 powerdns recursor * From
(including)
4.8.0 		Up to
(excluding)
4.8.6
运行在以下环境
应用 powerdns recursor * From
(including)
4.9.0 		Up to
(excluding)
4.9.3
运行在以下环境
应用 powerdns recursor * From
(including)
5.0.0 		Up to
(excluding)
5.0.2
运行在以下环境
应用 thekelleys dnsmasq * Up to
(excluding)
2.90
运行在以下环境
系统 alpine_3.16 bind * Up to
(excluding)
9.16.48-r0
运行在以下环境
系统 alpine_3.17 bind * Up to
(excluding)
1.19.1-r0
运行在以下环境
系统 alpine_3.18 bind * Up to
(excluding)
1.19.1-r0
运行在以下环境
系统 alpine_3.19 bind * Up to
(excluding)
1.19.1-r0
运行在以下环境
系统 fedora_38 dnsmasq * Up to
(excluding)
2.90-1.fc38
运行在以下环境
系统 fedora_39 dnsmasq * Up to
(excluding)
2.90-1.fc39
运行在以下环境
系统 fedora_EPEL_8 pdns-recursor * Up to
(excluding)
4.8.6-1.el8
运行在以下环境
系统 fedora_EPEL_9 pdns-recursor * Up to
(excluding)
4.8.6-1.el9
运行在以下环境
系统 opensuse_Leap_15.5 pdns-recursor * Up to
(excluding)
4.8.6-bp155.2.3.1
CVSS3评分
7.5
  • 攻击路径
    网络
  • 攻击复杂度
  • 权限要求
  • 影响范围
    未更改
  • 用户交互
  • 可用性
  • 保密性
  • 完整性
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-ID 漏洞类型
CWE-770 不加限制或调节的资源分配
阿里云安全产品覆盖情况