Vulnerability DatabaseCVE-2023-50387

CVE-2023-50387:
vulnerability analysis and mitigation

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

7.5

Score

Published February 14, 2024

Severity HIGH

CNA Score 7.5

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 97.7

Exploitation Probability (EPSS) 50.3

Affected packages and libraries

bind9-next-utils-debuginfo
pdns-recursor-debuginfo

Sources

AlmaLinux Security Advisory
- AlmaLinux 8 Severity HIGHHas FixAdded at: Feb 29, 2024
- AlmaLinux 9 Severity HIGHHas FixAdded at: Feb 29, 2024
Alpine Security Tracker
- Alpine 3.16, 3.17, 3.18, 3.19, edge Severity HIGHHas FixAdded at: Feb 14, 2024
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
CBL-Mariner
- CBL-Mariner 2.0 Severity HIGHHas FixAdded at: Mar 07, 2024
- CBL-Mariner 3.0 Severity HIGHHas FixAdded at: May 04, 2025
Chainguard
- Chainguard Has FixAdded at: Feb 14, 2024
Container-Optimized OS Release Notes
- Container-Optimized OS Severity HIGHHas FixAdded at: May 06, 2024
Debian Security Tracker
- Debian 10, 13 Severity HIGHHas FixAdded at: Feb 14, 2024
- Debian 11, 12 Severity MEDIUMHas FixAdded at: Feb 14, 2024
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity MEDIUMHas FixAdded at: Dec 08, 2024
GitHub Advisory Database
- Maven Severity HIGHHas FixAdded at: Dec 31, 2025
Homebrew
- Homebrew Severity HIGHHas FixAdded at: Feb 22, 2024
Nix
- Nix Severity HIGHHas FixAdded at: Feb 22, 2024
Photon Security Advisory
- Photon 3.0, 4.0, 5.0 Severity HIGHHas FixAdded at: Feb 22, 2024
Red Hat Errata
- Red Hat 6 Severity HIGHHas FixAdded at: Feb 19, 2025
- Red Hat 7 Severity HIGHHas FixAdded at: Feb 14, 2024
- Red Hat 8 Severity HIGHHas FixAdded at: Feb 14, 2024
- Red Hat 9 Severity HIGHHas FixAdded at: Feb 14, 2024
- Red Hat 10 Severity HIGHNo FixAdded at: Jul 06, 2025
Rocky Linux Product Errata
- Rocky 8 Severity HIGHHas FixAdded at: Apr 09, 2024
- Rocky 9 Severity HIGHHas FixAdded at: May 12, 2024
TuxCare
- AlmaLinux 9.2 Severity HIGHHas FixAdded at: Nov 18, 2025
Ubuntu Security Tracker
- Ubuntu 14.04, 16.04, 18.04 Severity MEDIUMHas FixAdded at: Apr 11, 2024
- Ubuntu 20.04, 22.04, 23.10 Severity MEDIUMHas FixAdded at: Feb 14, 2024
- Ubuntu 24.04 Severity MEDIUMHas FixAdded at: May 06, 2024
- Ubuntu 24.10 Severity MEDIUMHas FixAdded at: Dec 10, 2024
- Ubuntu 25.04 Severity MEDIUMHas FixAdded at: May 08, 2025
- Ubuntu 25.10 Severity MEDIUMHas FixAdded at: Oct 13, 2025
Wolfi
- Wolfi Has FixAdded at: Feb 14, 2024
NVD
- Windows Severity HIGHHas FixAdded at: Feb 14, 2024