摘要:
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
安全等级: Low
公告ID: KylinSec-SA-2024-1609
发布日期: 2024年5月27日
关联CVE: CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-50387 | KY3.4-4A | dhcp | Unaffected |
| CVE-2023-50387 | KY3.4-5 | dhcp | Unaffected |
| CVE-2023-50387 | KY3.5.1 | dhcp | Unaffected |
| CVE-2023-50387 | KY3.5.2 | dhcp | Unaffected |
| CVE-2023-50387 | V6 | dhcp | Unaffected |
