QwikSec

Security Database

CVE

CWE

Training

CVE-2023-50387

Published: Feb 14, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.athene-center.de/aktuelles/key-trap

https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

https://kb.isc.org/docs/cve-2023-50387

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html

https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/

https://news.ycombinator.com/item?id=39367411

https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/

https://www.isc.org/blogs/2024-bind-security-release/

https://news.ycombinator.com/item?id=39372384

https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387

https://access.redhat.com/security/cve/CVE-2023-50387

https://bugzilla.suse.com/show_bug.cgi?id=1219823

https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf

[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities

mailing-list

[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities

mailing-list

FEDORA-2024-2e26eccfcb

vendor-advisory

FEDORA-2024-e24211eff0

vendor-advisory

FEDORA-2024-21310568fa

vendor-advisory

[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update

mailing-list

FEDORA-2024-b0f9656a76

vendor-advisory

FEDORA-2024-4e36df9dfd

vendor-advisory

FEDORA-2024-499b9be35f

vendor-advisory

FEDORA-2024-c36c448396

vendor-advisory

FEDORA-2024-c967c7d287

vendor-advisory

FEDORA-2024-e00eceb11c

vendor-advisory

FEDORA-2024-fae88b73eb

vendor-advisory

https://security.netapp.com/advisory/ntap-20240307-0007/

[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.