CVSS: 7.5EPSS: 5%CPEs: 21EXPL: 1CVE-2023-50387 – bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
https://notcve.org/view.php?id=CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. Ciertos aspectos DNSSEC del protocolo DNS (en RFC 4035 y RFC relacionados) permiten a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de una o más respuestas DNSSEC cuando hay una zona con muchos registros DNSKEY y RRSIG, también conocido como "KeyTrap". " asunto. La especificación del protocolo implica que un algoritmo debe evaluar todas las combinaciones de registros DNSKEY y RRSIG. Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled. • https://github.com/knqyf263/CVE-2023-50387 http://www.openwall.com/lists/oss-security/2024/02/16/2 http://www.openwall.com/lists/oss-security/2024/02/16/3 https://access.redhat.com/security/cve/CVE-2023-50387 https://bugzilla.suse.com/show_bug.cgi?id=1219823 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 https://kb.isc.org/docs/cve-2023-50387 https://lists&# • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28450 – dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232
https://notcve.org/view.php?id=CVE-2023-28450
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. • https://capec.mitre.org/data/definitions/495.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA https://thekelleys.org.uk/dnsmasq/doc.html https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOG https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 https://acc • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0934 – dnsmasq: Heap use after free in dhcp6_no_relay
https://notcve.org/view.php?id=CVE-2022-0934
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. En dnsmasq ha sido encontrado un fallo de escritura/uso de memoria previamente liberada de un byte no arbitrario. Este fallo permite a un atacante que envíe un paquete diseñado procesado por dnsmasq, causando potencialmente una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-0934 https://bugzilla.redhat.com/show_bug.cgi?id=2057075 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3448 – dnsmasq: fixed outgoing port used when --server is used with an interface name
https://notcve.org/view.php?id=CVE-2021-3448
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1939368 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVTJUOFFFHINLKWAOC2ZSC5MOPD4SJ24 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHG7GWSQWKF7JXIMLOGJBKZWBB4VIAJ7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GHURNEHHUBSW45KMIZ4FNBCSUPWPGV5V https://security.gentoo.org/glsa/202105-20 https://www.oracle.com/security-alerts/cpujan2022.html https://access • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 8.3EPSS: 15%CPEs: 5EXPL: 0CVE-2020-25681 – dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled
https://notcve.org/view.php?id=CVE-2020-25681
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en dnsmasq versiones anteriores a 2.83. • https://bugzilla.redhat.com/show_bug.cgi?id=1881875 https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32 https://security.gentoo.org/glsa/202101-17 https://www.debian.org/security/2021/dsa-4844 https://www.jsof-tech.com/disclosures/dnspooq https:// • CWE-122: Heap-based Buffer Overflow •