CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Fixed

MEDIUM (6.3)

T
Tim Bastin detected CVE-2023-50387 with a risk of 3.71
0.8.2
System updated the risk assessment to 1.85
0.8.2
System recalculated raw risk assessment
System updated the risk assessment from 1.85 to 3.71
0.8.2
System recalculated raw risk assessment
System
0.8.2
System
0.8.2
System
0.8.2
System
0.8.2
System
0.8.2
System
0.8.2
S
Sebastian Kawelke updated the risk assessment from 3.71 to 4.44
0.8.2
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
System updated the risk assessment from 4.44 to 4.59
0.8.2
System recalculated raw risk assessment
System fixed CVE-2023-50387
0.8.2
System updated the risk assessment from 4.59 to 6
0.8.2
System recalculated raw risk assessment
System updated the risk assessment from 6 to 5.52
0.8.2
System recalculated raw risk assessment
System updated the risk assessment from 5.52 to 6.25
0.8.2
System recalculated raw risk assessment

Reopen this vulnerability

Last calculated at:

Affected component

debian/systemd

Installed version:

252.30

Fixed in:

no patch available

Show in dependency graph

🛡️ DevGuard
Group
/🧩 DevGuard CI-Components
Repository

CVE-2023-50387

Reopen this vulnerability

Affected component

Management decisions across the organization