← Back to CVEs
CVE-2023-50387
HIGH7.5
Description
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/14/2024
Last Modified11/4/2025
Sourcenvd
Honeypot Sightings0
Affected Products
fedoraproject:fedoraisc:bindmicrosoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019microsoft:windows_server_2022microsoft:windows_server_2022_23h2nic:knot_resolvernlnetlabs:unboundpowerdns:recursorredhat:enterprise_linuxthekelleys:dnsmasq
Weaknesses (CWE)
CWE-770CWE-770
References
http://www.openwall.com/lists/oss-security/2024/02/16/2(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/02/16/3(cve@mitre.org)
https://access.redhat.com/security/cve/CVE-2023-50387(cve@mitre.org)
https://bugzilla.suse.com/show_bug.cgi?id=1219823(cve@mitre.org)
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html(cve@mitre.org)
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1(cve@mitre.org)
https://kb.isc.org/docs/cve-2023-50387(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/(cve@mitre.org)
https://news.ycombinator.com/item?id=39367411(cve@mitre.org)
https://news.ycombinator.com/item?id=39372384(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20240307-0007/(cve@mitre.org)
https://www.athene-center.de/aktuelles/key-trap(cve@mitre.org)
https://www.isc.org/blogs/2024-bind-security-release/(cve@mitre.org)
https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/02/16/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/02/16/3(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-50387(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=1219823(af854a3a-2127-422b-91ae-364da2661108)
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1(af854a3a-2127-422b-91ae-364da2661108)
https://kb.isc.org/docs/cve-2023-50387(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html(af854a3a-2127-422b-91ae-364da2661108)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=39367411(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=39372384(af854a3a-2127-422b-91ae-364da2661108)
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240307-0007/(af854a3a-2127-422b-91ae-364da2661108)
https://www.athene-center.de/aktuelles/key-trap(af854a3a-2127-422b-91ae-364da2661108)
https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://www.isc.org/blogs/2024-bind-security-release/(af854a3a-2127-422b-91ae-364da2661108)
https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/(af854a3a-2127-422b-91ae-364da2661108)
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.