CVE-2023-50387

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2", "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": ["Mailing List"], "refsource": ""}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3", "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://access.redhat.com/security/cve/CVE-2023-50387", "name": "https://access.redhat.com/security/cve/CVE-2023-50387", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "tags": ["Issue Tracking"], "refsource": ""}, {"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "name": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "tags": ["Patch"], "refsource": ""}, {"url": "https://kb.isc.org/docs/cve-2023-50387", "name": "https://kb.isc.org/docs/cve-2023-50387", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [], "refsource": ""}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "name": "FEDORA-2024-c967c7d287", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "name": "FEDORA-2024-e24211eff0", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "name": "FEDORA-2024-c36c448396", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "name": "FEDORA-2024-e00eceb11c", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "name": "FEDORA-2024-21310568fa", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "name": "FEDORA-2024-499b9be35f", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "name": "FEDORA-2024-2e26eccfcb", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "name": "FEDORA-2024-b0f9656a76", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "name": "FEDORA-2024-4e36df9dfd", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "name": "FEDORA-2024-fae88b73eb", "tags": [], "refsource": ""}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "name": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "tags": ["Mailing List", "Third Party Advisory"], "refsource": ""}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "tags": ["Patch", "Vendor Advisory"], "refsource": ""}, {"url": "https://news.ycombinator.com/item?id=39367411", "name": "https://news.ycombinator.com/item?id=39367411", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://news.ycombinator.com/item?id=39372384", "name": "https://news.ycombinator.com/item?id=39372384", "tags": ["Issue Tracking"], "refsource": ""}, {"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "name": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0007/", "name": "https://security.netapp.com/advisory/ntap-20240307-0007/", "tags": [], "refsource": ""}, {"url": "https://www.athene-center.de/aktuelles/key-trap", "name": "https://www.athene-center.de/aktuelles/key-trap", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "name": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "tags": ["Technical Description", "Third Party Advisory"], "refsource": ""}, {"url": "https://www.isc.org/blogs/2024-bind-security-release/", "name": "https://www.isc.org/blogs/2024-bind-security-release/", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "name": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "tags": ["Press/Media Coverage", "Third Party Advisory"], "refsource": ""}, {"url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/", "name": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/", "tags": ["Patch", "Third Party Advisory"], "refsource": ""}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2", "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/", "name": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/", "tags": ["Patch", "Third Party Advisory"], "refsource": ""}, {"url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "name": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "tags": ["Press/Media Coverage", "Third Party Advisory"], "refsource": ""}, {"url": "https://www.isc.org/blogs/2024-bind-security-release/", "name": "https://www.isc.org/blogs/2024-bind-security-release/", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "name": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "tags": ["Technical Description", "Third Party Advisory"], "refsource": ""}, {"url": "https://www.athene-center.de/aktuelles/key-trap", "name": "https://www.athene-center.de/aktuelles/key-trap", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0007/", "name": "https://security.netapp.com/advisory/ntap-20240307-0007/", "tags": [], "refsource": ""}, {"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "name": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://news.ycombinator.com/item?id=39372384", "name": "https://news.ycombinator.com/item?id=39372384", "tags": ["Issue Tracking"], "refsource": ""}, {"url": "https://news.ycombinator.com/item?id=39367411", "name": "https://news.ycombinator.com/item?id=39367411", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "tags": ["Patch", "Vendor Advisory"], "refsource": ""}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "name": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "tags": ["Mailing List", "Third Party Advisory"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "name": "FEDORA-2024-fae88b73eb", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "name": "FEDORA-2024-4e36df9dfd", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "name": "FEDORA-2024-b0f9656a76", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "name": "FEDORA-2024-2e26eccfcb", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "name": "FEDORA-2024-499b9be35f", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "name": "FEDORA-2024-21310568fa", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "name": "FEDORA-2024-e00eceb11c", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "name": "FEDORA-2024-c36c448396", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "name": "FEDORA-2024-e24211eff0", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "name": "FEDORA-2024-c967c7d287", "tags": [], "refsource": ""}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [], "refsource": ""}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [], "refsource": ""}, {"url": "https://kb.isc.org/docs/cve-2023-50387", "name": "https://kb.isc.org/docs/cve-2023-50387", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "name": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "tags": ["Patch"], "refsource": ""}, {"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "tags": ["Issue Tracking"], "refsource": ""}, {"url": "https://access.redhat.com/security/cve/CVE-2023-50387", "name": "https://access.redhat.com/security/cve/CVE-2023-50387", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3", "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": ["Mailing List"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-770"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-50387", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2024-02-14T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.90"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nic:knot_resolver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.71"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.0.2", "versionStartIncluding": "5.0.0"}, {"cpe23Uri": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.9.3", "versionStartIncluding": "4.9.0"}, {"cpe23Uri": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.8.6", "versionStartIncluding": "4.8.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.19.20", "versionStartIncluding": "9.19.0"}, {"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.18.22", "versionStartIncluding": "9.18.0"}, {"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.16.46", "versionStartIncluding": "9.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.19.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-05-12T15:15Z"}