nvd-json-data-feeds/CVE-2023/CVE-2023-508xx/CVE-2023-50868.json

{
  "id": "CVE-2023-50868",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-14T16:15:45.377",
  "lastModified": "2024-02-14T18:04:50.373",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://datatracker.ietf.org/doc/html/rfc5155",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://kb.isc.org/docs/cve-2023-50868",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.isc.org/blogs/2024-bind-security-release/",
      "source": "cve@mitre.org"
    }
  ]
}
Auto-Update: 2024-02-14T17:08:42.015866+00:00 2024-02-14 17:08:46 +00:00			`{`
			`"id": "CVE-2023-50868",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2024-02-14T16:15:45.377",`
Auto-Update: 2024-02-14T19:01:05.917533+00:00 2024-02-14 19:01:09 +00:00			`"lastModified": "2024-02-14T18:04:50.373",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-02-14T17:08:42.015866+00:00 2024-02-14 17:08:46 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations."`
			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://datatracker.ietf.org/doc/html/rfc5155",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://kb.isc.org/docs/cve-2023-50868",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://www.isc.org/blogs/2024-bind-security-release/",`
			`"source": "cve@mitre.org"`
			`}`
			`]`
			`}`