What is CVE-2023-50868?

CVE-2023-50868 is a vulnerability in N/a. Published 2024-02-14.

Is CVE-2023-50868 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain…

EPSS: 0.828 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Goethe-Universitat-Cybersecurity/NSEC3-Encloser-Attack
Atamik03/API-calc-dz
GitHubForSnap/knot-resolver-gael
GrigGM/05-virt-04-docker-hw
Javeria-Motiwala/cve-scanner
benichmt1/copa-docker-scout
fkie-cad/nvd-json-data-feeds
ARPSyndicate/cve-scores
h4ckm1n-dev/report-test
hackingyseguridad/dnssec

References

nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
www.isc.org/blogs/2024-bind-security-release/
datatracker.ietf.org/doc/html/rfc5155
kb.isc.org/docs/cve-2023-50868
gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
access.redhat.com/security/cve/CVE-2023-50868
bugzilla.suse.com/show_bug.cgi
[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities (mailing-list)

Frequently asked questions

What is CVE-2023-50868?: CVE-2023-50868 is a vulnerability in N/a. Published 2024-02-14.
Is CVE-2023-50868 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.