Veracode Vulnerability DatabaseVERACODE:45506Denial Of Service
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
Low
0.05 Low
EPSS
Percentile
92.9%
dnsmasq is vulnerable to Denial of Service. The vulnerability due to KeyTrap issue when dealing with a zone that contains numerous DNSKEY (DNS Key) and RRSIG (Resource Record Signature) records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records which leads to excessive CPU consumption and degraded performance or unresponsiveness.
References
www.openwall.com/lists/oss-security/2024/02/16/2
www.openwall.com/lists/oss-security/2024/02/16/3
access.redhat.com/security/cve/CVE-2023-50387
bugzilla.suse.com/show_bug.cgi?id=1219823
docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
kb.isc.org/docs/cve-2023-50387
lists.debian.org/debian-lts-announce/2024/02/msg00006.html
lists.debian.org/debian-lts-announce/2024/05/msg00011.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
news.ycombinator.com/item?id=39367411
news.ycombinator.com/item?id=39372384
nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
security-tracker.debian.org/tracker/CVE-2023-50387
security.netapp.com/advisory/ntap-20240307-0007/
www.athene-center.de/aktuelles/key-trap
www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
www.isc.org/blogs/2024-bind-security-release/
www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
Low
0.05 Low
EPSS
Percentile
92.9%