CVE-2023-28451

An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit would be widespread and highly impactful, because the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3.
https://technitium.com/dns/

Configurations

No configuration.

History

20 Sep 2024, 12:30

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en Technitium 11.0.2. Existe una vulnerabilidad (denominada BadDNS) en el software de resolución de DNS, que hace que un solucionador ignore las respuestas válidas, lo que provoca una denegación de servicio (DoS) para una resolución normal. Los efectos de una explotación serían generalizados y de gran impacto, porque el atacante podría simplemente falsificar una respuesta dirigida al puerto de origen de un solucionador vulnerable sin necesidad de adivinar el TXID correcto.

18 Sep 2024, 19:35

Type	Values Removed	Values Added
CWE		CWE-400
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

18 Sep 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-18 15:15

Updated : 2024-09-20 12:30

NVD link : CVE-2023-28451

Mitre link : CVE-2023-28451

CVE.ORG link : CVE-2023-28451

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

7.5 /10