eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
History
17 Jun 2025, 20:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/eventlet/eventlet/issues/913 - Exploit, Issue Tracking | |
References | () https://github.com/eventlet/eventlet/releases/tag/v0.35.2 - Release Notes | |
References | () https://github.com/rthalley/dnspython/issues/1045 - Exploit, Issue Tracking | |
References | () https://github.com/rthalley/dnspython/releases/tag/v2.6.0 - Release Notes | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/ - Mailing List | |
References | () https://security.netapp.com/advisory/ntap-20240510-0001/ - Third Party Advisory | |
References | () https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713 - Third Party Advisory | |
References | () https://www.dnspython.org/ - Product | |
CPE | cpe:2.3:a:eventlet:eventlet:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:a:dnspython:dnspython:*:*:*:*:*:*:*:* cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* |
|
First Time |
Dnspython
Eventlet Fedoraproject fedora Netapp hci Compute Node Fedoraproject Netapp Dnspython dnspython Eventlet eventlet Netapp bootstrap Os |
21 Nov 2024, 07:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/eventlet/eventlet/issues/913 - | |
References | () https://github.com/eventlet/eventlet/releases/tag/v0.35.2 - | |
References | () https://github.com/rthalley/dnspython/issues/1045 - | |
References | () https://github.com/rthalley/dnspython/releases/tag/v2.6.0 - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/ - | |
References | () https://security.netapp.com/advisory/ntap-20240510-0001/ - | |
References | () https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713 - | |
References | () https://www.dnspython.org/ - |
27 Aug 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
CWE | CWE-292 |
26 Jun 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Apr 2024, 12:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-11 14:15
Updated : 2025-06-17 20:50
NVD link : CVE-2023-29483
Mitre link : CVE-2023-29483
CVE.ORG link : CVE-2023-29483
JSON object : View
Products Affected
netapp
- hci_compute_node
- bootstrap_os
dnspython
- dnspython
eventlet
- eventlet
fedoraproject
- fedora
CWE
CWE-292
DEPRECATED (Duplicate): Trusting Self-reported DNS Name