Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-50387 CVE-2023-50868

Source

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Solar Designer &lt;solar () openwall com&gt;

Date: Tue, 13 Feb 2024 23:34:36 +0100

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
It's not great that we're adding to a thread on Unbound, but since we
already started...

On Tue, Feb 13, 2024 at 10:52:09PM +0100, Solar Designer wrote:
On Tue, Feb 13, 2024 at 12:06:42PM -0800, Alan Coopersmith wrote:
On 2/13/24 06:07, Yorgos Thessalonikefs wrote:
DNSSEC protocol vulnerabilities have been discovered that render various
DNSSEC validators victims of Denial Of Service while trying to validate
specially crafted DNSSEC responses.

There are two known vulnerabilities: CVE-2023-50387 (referred here as
the KeyTrap vulnerability) and CVE-2023-50868 (referred here as the
NSEC3 vulnerability).

Similarly, dnsmasq 2.90 was published today to address these:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html

And fixes for these two CVEs were merged into PowerDNS today:

https://github.com/PowerDNS/pdns/pull/13781

There are also three PRs (13782, 13783, 13784) with back-ports to other
supported branches.

I hope PowerDNS will also be sending a proper advisory in here.

Turns out there is a PowerDNS advisory here:

https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released

but really it should be posted to oss-security as well.

Alexander

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Yorgos Thessalonikefs (Feb 13)

Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Alan Coopersmith (Feb 13)

Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 13)

Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 13)
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Alan Coopersmith (Feb 16)
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 16)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities

Vulmon Search

About

Products

Connect