FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-09 08:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e15ba624-cca8-11ee-84ca-b42e991fc52e	powerdns-recursor -- Multiple Vulnerabilities cve@mitre.org reports: CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. Discovery 2024-02-14 Entry 2024-02-16 powerdns-recursor < 5.0.2 CVE-2023-50868 https://nvd.nist.gov/vuln/detail/CVE-2023-50868 CVE-2023-50387 https://nvd.nist.gov/vuln/detail/CVE-2023-50387

VuXML ID

Description

e15ba624-cca8-11ee-84ca-b42e991fc52e

powerdns-recursor -- Multiple Vulnerabilities

cve@mitre.org reports:

CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Discovery 2024-02-14
Entry 2024-02-16
powerdns-recursor

< 5.0.2

CVE-2023-50868
https://nvd.nist.gov/vuln/detail/CVE-2023-50868
CVE-2023-50387
https://nvd.nist.gov/vuln/detail/CVE-2023-50387