<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 13 Feb 2024 12:06:42 -0800
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On 2/13/24 06:07, Yorgos Thessalonikefs wrote:
DNSSEC protocol vulnerabilities have been discovered that render various
DNSSEC validators victims of Denial Of Service while trying to validate
specially crafted DNSSEC responses.
There are two known vulnerabilities: CVE-2023-50387 (referred here as
the KeyTrap vulnerability) and CVE-2023-50868 (referred here as the
NSEC3 vulnerability).
Similarly, dnsmasq 2.90 was published today to address these:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Yorgos Thessalonikefs (Feb 13)
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Alan Coopersmith (Feb 13)
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 13)
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 13)
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Alan Coopersmith (Feb 16)
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 16)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->