Lucene search
K

12 matches found

RustSec
RustSec
added 2026/05/01 12:0 p.m.8 views

NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-net's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/05/01 12:0 p.m.6 views

NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the S...

5.8AI score
Exploits0Affected Software1
OSV
OSV
added 2025/01/29 10:15 p.m.6 views

AZL-56093 CVE-2024-11187 affecting package bind for versions less than 9.16.50-2

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...

7.5CVSS6.9AI score0.14614EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/01/29 9:40 p.m.28 views

CVE-2024-11187

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...

7.5CVSS7.5AI score0.14614EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.4 views

PT-2024-21058 · Dnsjava +2 · Dnsjava +2

Name of the Vulnerable Software and Affected Versions: dnsjava versions prior to 3.6.0 Description: The issue arises from dnsjava not checking the relevance of records in DNS replies to the query, allowing an attacker to respond with records from different zones. This can lead to applications...

8.9CVSS7.8AI score0.00392EPSS
Exploits0References21
OSV
OSV
added 2024/05/31 7:8 a.m.8 views

CLSA-2024-1717139314 bind: Fix of 2 CVEs

Moved tuxcare patches from 32:9.11.4-26.P2.14 - CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3...

7.5CVSS7AI score0.99995EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/04/11 11:6 a.m.2 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/03/27 3:11 p.m.5 views

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

7.5CVSS6.7AI score0.99995EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/03/14 3:29 p.m.7 views

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

7.5CVSS6.7AI score0.99995EPSS
Exploits0References7
OSV
OSV
added 2024/03/04 2:7 p.m.6 views

CLSA-2024-1709561259 bind: Fix of 2 CVEs

CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3...

7.5CVSS7AI score0.99995EPSS
Exploits1References1
OSV
OSV
added 2024/03/04 11:4 a.m.8 views

CLSA-2024-1709550262 bind: Fix of 2 CVEs

CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3...

7.5CVSS7.1AI score0.99995EPSS
Exploits1References1
OSV
OSV
added 2024/03/04 10:19 a.m.6 views

CLSA-2024-1709547568 bind: Fix of 2 CVEs

CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3...

7.5CVSS7AI score0.99995EPSS
Exploits1References1
Rows per page
Query Builder