We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
Reserved 2023-12-14 | Published 2024-02-14 | Updated 2025-05-12 | Assigner mitrenlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
docs.powerdns.com/...visories/powerdns-advisory-2024-01.html
www.isc.org/blogs/2024-bind-security-release/
datatracker.ietf.org/doc/html/rfc5155
kb.isc.org/docs/cve-2023-50868
gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
lists.thekelleys.org.uk/...nsmasq-discuss/2024q1/017430.html
access.redhat.com/security/cve/CVE-2023-50868
bugzilla.suse.com/show_bug.cgi?id=1219826
www.openwall.com/lists/oss-security/2024/02/16/2 ([oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities)
www.openwall.com/lists/oss-security/2024/02/16/3 ([oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities)
lists.fedoraproject.org/...SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ (FEDORA-2024-2e26eccfcb)
lists.fedoraproject.org/...BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ (FEDORA-2024-e24211eff0)
lists.fedoraproject.org/...PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ (FEDORA-2024-21310568fa)
lists.debian.org/debian-lts-announce/2024/02/msg00006.html ([debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update)
lists.fedoraproject.org/...TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ (FEDORA-2024-b0f9656a76)
lists.fedoraproject.org/...UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ (FEDORA-2024-4e36df9dfd)
lists.fedoraproject.org/...RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ (FEDORA-2024-499b9be35f)
lists.fedoraproject.org/...HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ (FEDORA-2024-c36c448396)
lists.fedoraproject.org/...6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/ (FEDORA-2024-c967c7d287)
lists.fedoraproject.org/...IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/ (FEDORA-2024-e00eceb11c)
lists.fedoraproject.org/...ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ (FEDORA-2024-fae88b73eb)
security.netapp.com/advisory/ntap-20240307-0008/
lists.debian.org/debian-lts-announce/2024/05/msg00011.html ([debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update)
Support options