CVE-2023-50387
CVE Details
Visit the official vulnerability details page for CVE-2023-50387 to learn more.
Initial Publication
11/13/2024
Last Update
12/12/2024
Third Party Dependency
libsystemd0
NIST CVE Summary
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE Severity
Our Official Summary
This vulnerability in DNSSEC-validating resolvers is of important severity because it can lead to uncontrolled CPU consumption, resulting in a Denial of Service (DoS). By exploiting this flaw, attackers can send specially crafted DNS responses that cause the resolver to enter a state of excessive resource utilization. So the attacker needs to gain privileged access to the cluster to attempt this exploit. Also the containers do not allow execution of arbitrary code. Impact of this exploit is also low, since container reduces the attack surface.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.4.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 12/12/2024 | Official summary added |