CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Fixed

MEDIUM (5.5)

System detected CVE-2023-50387 with a risk of 3.71
update-risk-management-default-value
S
Sebastian Kawelke updated the risk assessment from 3.71 to 4.44
update-risk-management-default-value
Confidentiality Requirement updated: medium -> low, Integrity Requirement updated: medium -> high, Availability Requirement updated: medium -> high
System updated the risk assessment from 4.44 to 4.59
update-risk-management-default-value
System recalculated raw risk assessment
System fixed CVE-2023-50387
update-risk-management-default-value
System updated the risk assessment from 4.59 to 6
update-risk-management-default-value
System recalculated raw risk assessment
System updated the risk assessment from 6 to 5.52
update-risk-management-default-value
System recalculated raw risk assessment

Reopen this vulnerability

Last calculated at:

Affected component

debian/systemd

Installed version:

252.30

Fixed in:

no patch available

Show in dependency graph

🛡️ DevGuard
Group
/🧩 DevGuard CI-Components
Repository

CVE-2023-50387

Reopen this vulnerability

Affected component

Management decisions across the organization