CVE-2023-50868: MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Category

Denial of Service

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Publicly Disclosed

Yes

Patch Tuesday

2024-Jun

Released

2024-06-11

EPSS Score

11.80% (percentile: 93.7%)

FAQ

Why is the MITRE Corporation the assigning CNA (CVE Numbering Authority)? CVE-2023-50868 is regarding a vulnerability in DNSSEC validation where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf. Please see CVE-2023-50868 for more information.

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 1 repositories

Affected Products (11)

Windows

• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

ESU

• Windows Server 2012
• Windows Server 2012 (Server Core installation)
• Windows Server 2012 R2
• Windows Server 2012 R2 (Server Core installation)

Security Updates (7)

• 5039217
• 5039227
• 5039330
• 5039236
• 5039214
• 5039260
• 5039294

Acknowledgments

Petr Špaček from Internet Systems Consortium (ISC)

Revision History

• 2024-06-11: Information published.