CVE-2023-50868
HIGHDescription
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
Is your site exposed to CVE-2023-50868?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| isc | bind |
| isc | bind |
| isc | bind |
| isc | bind |
| isc | bind |
| fedoraproject | fedora |
| fedoraproject | fedora |
| debian | debian_linux |
| debian | debian_linux |
| redhat | enterprise_linux |
| redhat | enterprise_linux |
| redhat | enterprise_linux |
| redhat | enterprise_linux |
| redhat | enterprise_linux |
| powerdns | recursor |
| powerdns | recursor |
| powerdns | recursor |
| netapp | bootstrap_os |
| netapp | hci_compute_node |
| netapp | active_iq_unified_manager |
| netapp | hci_baseboard_management_controller |
| netapp | h300s |
| netapp | h410c |
| netapp | h410s |
| netapp | h500s |
| netapp | h700s |
References
Advisories & Patches
Exploits
Other References
Frequently Asked Questions
What is CVE-2023-50868? +
How severe is CVE-2023-50868? +
What products are affected by CVE-2023-50868? +
How do I check if I'm vulnerable to CVE-2023-50868? +
Related Vulnerabilities
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates …
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation …
Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, …
Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of …
An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows …
A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to …