Test ID:	1.3.6.1.4.1.25623.1.0.151753
Category:	Denial of Service
Title:	Pi-hole FTL DNS < 5.25 Multiple DoS Vulnerabilities (KeyTrap)
Summary:	Pi-hole FTL DNS is prone to multiple denial of service (DoS); vulnerabilities.
Description:	Summary: Pi-hole FTL DNS is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator - CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust CPU resources Affected Software/OS: Pi-hole FTL DNS versions 5.24 and prior. Solution: Update to version 5.25 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-50387 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ https://access.redhat.com/security/cve/CVE-2023-50387 https://bugzilla.suse.com/show_bug.cgi?id=1219823 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 https://kb.isc.org/docs/cve-2023-50387 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387 https://news.ycombinator.com/item?id=39367411 https://news.ycombinator.com/item?id=39372384 https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ https://www.athene-center.de/aktuelles/key-trap https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf https://www.isc.org/blogs/2024-bind-security-release/ https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/ https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/ https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html http://www.openwall.com/lists/oss-security/2024/02/16/2 http://www.openwall.com/lists/oss-security/2024/02/16/3 Common Vulnerability Exposure (CVE) ID: CVE-2023-50868 https://access.redhat.com/security/cve/CVE-2023-50868 https://bugzilla.suse.com/show_bug.cgi?id=1219826 https://datatracker.ietf.org/doc/html/rfc5155 https://kb.isc.org/docs/cve-2023-50868
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.