CVE-2023-50868
- Source
- https://cve.org/CVERecord?id=CVE-2023-50868
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50868.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-50868
- Downstream
- Related
- Published
- 2024-02-14T16:15:45.377Z
- Modified
- 2026-04-09T09:49:53.504141Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
- References
-
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
- https://kb.isc.org/docs/cve-2023-50868
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
- https://access.redhat.com/security/cve/CVE-2023-50868
- https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
- https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
- https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html
- https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
- https://lists.debian.org/debian-lts-announce/2024/09/msg00001.html
- https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/
- https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
- https://security.netapp.com/advisory/ntap-20240307-0008/
- http://www.openwall.com/lists/oss-security/2024/02/16/3
- https://bugzilla.suse.com/show_bug.cgi?id=1219826
- http://www.openwall.com/lists/oss-security/2024/02/16/2
- https://datatracker.ietf.org/doc/html/rfc5155
- https://www.isc.org/blogs/2024-bind-security-release/
Affected packages
Git / github.com/isc-projects/bind9
Affected ranges
- Type
- GIT
- Repo
- https://github.com/isc-projects/bind9
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "8.0" } ] }
- Type
- GIT
- Repo
- https://github.com/powerdns/pdns
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "4.8.5" }, { "introduced": "4.9.0" }, { "fixed": "4.9.3" }, { "introduced": "5.0.0" }, { "fixed": "5.0.2" } ] }
- Type
- GIT
- Repo
- https://gitlab.isc.org/isc-projects/bind9
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "9.0.0" }, { "fixed": "9.16.48" }, { "introduced": "9.9.3" }, { "fixed": "9.16.48" }, { "introduced": "9.18.0" }, { "fixed": "9.18.24" }, { "introduced": "9.18.11" }, { "fixed": "9.18.24" }, { "introduced": "9.19.0" }, { "fixed": "9.19.21" } ] }
Affected versions
auth-3.*
auth-3.1-rc1
auth-3.1-rc2
auth-3.1-rc3
auth-3.2-rc1
auth-3.2-rc2
auth-3.2-rc3
auth-3.2-rc4
auth-3.4.0
auth-3.4.0-rc1
auth-3.4.0-rc2
auth-4.*
auth-4.0.0
auth-4.0.0-alpha1
auth-4.0.0-alpha2
auth-4.0.0-alpha3
auth-4.0.0-beta1
auth-4.0.0-rc1
auth-4.0.0-rc2
auth-4.0.1
auth-4.1.0
auth-4.1.0-rc1
auth-4.1.0-rc2
auth-4.1.0-rc3
auth-4.2.0-alpha1
auth-4.2.0-beta1
auth-4.2.0-rc1
auth-4.2.0-rc2
auth-4.3.0-alpha1
auth-4.3.0-beta1
auth-4.3.0-beta2
auth-4.4.0-alpha0
auth-4.4.0-alpha1
auth-4.4.0-alpha2
auth-4.4.0-alpha3
auth-4.4.0-beta1
auth-4.5.0-alpha0
auth-4.5.0-alpha1
auth-4.5.0-beta1
auth-4.6.0-alpha0
auth-4.6.0-alpha1
auth-4.6.0-beta1
auth-4.7.0-alpha1
auth-4.8.0-alpha0
dnsdist-1.*
dnsdist-1.0.0
dnsdist-1.0.0-alpha1
dnsdist-1.0.0-alpha2
dnsdist-1.0.0-beta1
dnsdist-1.1.0
dnsdist-1.1.0-beta1
dnsdist-1.1.0-beta2
dnsdist-1.2.0
dnsdist-1.3.0
dnsdist-1.3.1
dnsdist-1.3.2
dnsdist-1.3.3
dnsdist-1.4.0
dnsdist-1.4.0-alpha1
dnsdist-1.4.0-alpha2
dnsdist-1.4.0-beta1
dnsdist-1.4.0-rc1
dnsdist-1.4.0-rc2
dnsdist-1.4.0-rc3
dnsdist-1.4.0-rc4
dnsdist-1.4.0-rc5
dnsdist-1.5.0
dnsdist-1.5.0-alpha1
dnsdist-1.5.0-rc1
dnsdist-1.5.0-rc2
dnsdist-1.5.0-rc3
dnsdist-1.5.0-rc4
dnsdist-1.6.0
dnsdist-1.6.0-alpha0
dnsdist-1.6.0-alpha1
dnsdist-1.6.0-alpha2
dnsdist-1.6.0-alpha3
dnsdist-1.6.0-rc1
dnsdist-1.6.0-rc2
dnsdist-1.7.0-alpha0
dnsdist-1.7.0-alpha1
dnsdist-1.7.0-alpha2
dnsdist-1.7.0-beta1
dnsdist-1.7.0-beta2
dnsdist-1.8.0-alpha0
Other
ondrej/008bfb6249a5f81d9e02ad4d39fda63fab57a0ad
ondrej/00ce93a69cd809810b82dbb229abf59d8e5850cc
ondrej/067f87f158b633e18a9c6fd0b038d1dc288bcb74
ondrej/074c7cc12c0eda40441926a8a96631c3176824a9
ondrej/1a1413ff5910ace7919bb8db0a1bb1f6e9c9ff7d
ondrej/2438db2eae8baf084615aff3b210ea51cd2f1fe1
ondrej/4098157e6ce98910ff99c58c41c6cf8069b79cc7
ondrej/4281aaab4503116fcf50caa348e1b5e7d414b742
ondrej/42e84e4b97be23f2b3754844e9d4478f48e92b48
ondrej/46caf5f4a4522d42480aee4d5949ea9546f98c2f
ondrej/4d292fc37ff5e99462756352c6028af7d0becf74
ondrej/4f369af51ede0e5ac7b3a14c451c5a41350a61cc
ondrej/53738634c3b511bd78e6626df95ae140631b080c
ondrej/6d06e7e7e585e30b419e4e20815cb8233c48f7b1
ondrej/6d1fdb850516a8d1fbfa853c56a1ef7627d54a72
ondrej/761b47a64845cb647d4fa3362be538eb0e7174d9
ondrej/840e56a979c3719ded668d5aaa04b1bddce465ef
ondrej/9cd2880a82f627bc44ab65fdaa19c2bcd9e61c96
ondrej/a42afbce2e34a5f990517fee7eab013c4adb8c0a
ondrej/a5f554959ec531712f6e14a8cb8c90d87cc27932
ondrej/b177581bb230d89821d1e2e5e91f93bee3fc4192
ondrej/b6298b394e9eaefcfa2458cd56c345d778e99b8e
ondrej/be1e6499742e241d71c7e79434e278a0c89d141b
ondrej/c63b7fad498dbe56710b655bd296a58abba64bb8
ondrej/d7e5f7903de06e504aac4a3822a41d69e159e370
ondrej/e00b13ac6e5a49434fbe534b0cab86b9ee4fbdb5
ondrej/f8a0c0bed6ed629e314d22619510939c61d88b0e
ondrej/fb07c38697c9f4f76dcb921487c4f96813c99b69
rec-3-0
rec-3-0-1
rec-3.*
rec-3.0
rec-3.0.1
rec-3.1.4
rec-3.3.1
rec-3.5
rec-3.5-rc1
rec-3.5-rc3
rec-3.5-rc4
rec-3.5-rc5
rec-3.6.0
rec-4.*
rec-4.0.0
rec-4.0.0-alpha1
rec-4.0.0-alpha2
rec-4.0.0-alpha3
rec-4.0.0-beta1
rec-4.0.0-rc1
rec-4.0.1
rec-4.0.2
rec-4.1.0
rec-4.1.0-alpha1
rec-4.1.0-rc1
rec-4.1.0-rc2
rec-4.1.0-rc3
rec-4.2.0-alpha1
rec-4.2.0-beta1
rec-4.2.0-rc1
rec-4.3.0-alpha1
rec-4.3.0-alpha2
rec-4.3.0-alpha3
rec-4.3.0-beta1
rec-4.4.0-alpha0
rec-4.4.0-alpha1
rec-4.4.0-alpha2
rec-4.4.0-beta1
rec-4.5.0-alpha0
rec-4.5.0-alpha1
rec-4.5.0-alpha2
rec-4.5.0-alpha3
rec-4.5.0-beta1
rec-4.6.0-alpha0
rec-4.6.0-alpha1
rec-4.6.0-alpha2
rec-4.6.0-beta1
rec-4.6.0-beta2
rec-4.7.0-alpha1
rec-4.7.0-beta1
rec-4.8.0
rec-4.8.0-alpha1
rec-4.8.0-beta1
rec-4.8.0-beta2
rec-4.8.0-rc1
rec-4.8.2
rec-4.8.3
rec-4.8.4
rec-4.9.0
rec-4.9.0-alpha0
rec-4.9.1
rec-4.9.2
rec-5.*
rec-5.0.0
rec-5.0.0-rc2
rec-5.0.1
v9.*
v9.10.0a1
v9.10.0a2
v9.10.0b1
v9.10.0b2
v9.10.0rc1
v9.11.0a1
v9.11.0a2
v9.11.0a3
v9.12.0a1
v9.12.0b1
v9.12.0b2
v9.12.0rc1
v9.13.0
v9.13.2
v9.13.3
v9.13.4
v9.13.5
v9.13.6
v9.15.0
v9.15.2
v9.15.3
v9.15.4
v9.15.7
v9.15.8
v9.18.0
v9.19.0
v9.5.0a1
v9.5.0a2
v9.5.0a3
v9.5.0a4
v9.5.0a5
v9.5.0a6
v9.7.0a1
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "38"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "39"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.4"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50868.json"