From 68a4533d576108edb3c97a28922bcfeb3e574f42 Mon Sep 17 00:00:00 2001
From: Florian Wilhelm <2292245+fwilhe@users.noreply.github.com>
Date: Thu, 9 Jan 2025 14:54:52 +0100
Subject: [PATCH] Switch to latest tag of postgres image for tests (#69)

The edgefulldata tag contained test data as part of the image. The latest tag does not contain any data. This commit switches to the maintained latest tag and crates the schema and minimal test data for the tests.
---
 .../gardenlinux/glvd/GlvdControllerTest.java | 4 +-
 .../java/io/gardenlinux/glvd/TestConfig.java | 2 +-
 src/test/resources/test-data/01-schema.sql | 401 ++++++++++++++++++
 .../resources/test-data/02-sample-data.sql | 59 +++
 4 files changed, 464 insertions(+), 2 deletions(-)
 create mode 100644 src/test/resources/test-data/01-schema.sql
 create mode 100644 src/test/resources/test-data/02-sample-data.sql
diff --git a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
index eb7bb77..194d2e8 100644
--- a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
+++ b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java
@@ -41,7 +41,9 @@ class GlvdControllerTest {
 @ServiceConnection
 static PostgreSQLContainer postgres = new PostgreSQLContainer<>(glvdPostgresImage)
 .withDatabaseName("glvd")
- .withUsername("glvd").withPassword("glvd");
+ .withUsername("glvd")
+ .withPassword("glvd")
+ .withInitScripts("test-data/01-schema.sql", "test-data/02-sample-data.sql");

 @LocalServerPort
 private Integer port;
diff --git a/src/test/java/io/gardenlinux/glvd/TestConfig.java b/src/test/java/io/gardenlinux/glvd/TestConfig.java
index 3a6d42c..97e9d80 100644
--- a/src/test/java/io/gardenlinux/glvd/TestConfig.java
+++ b/src/test/java/io/gardenlinux/glvd/TestConfig.java
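Review bot: The new `.withUsername("glvd")` line is now coupled to the init scripts, and nothing in the builder chain says so: `test-data/01-schema.sql` assigns every table, view and sequence with `OWNER TO glvd`, so renaming the test user here would presumably make the init script, and with it container start-up, fail. I would add a comment above the chain such as `// Username must stay "glvd": 01-schema.sql runs ALTER ... OWNER TO glvd on every object.` The schema file is also a checked-in copy of a database dump, so the same comment should say where the dump comes from and how to refresh it, otherwise the tests can keep passing against a schema the real database no longer has. The class body continues outside the hunk.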
@@ -1,5 +1,5 @@
 package io.gardenlinux.glvd;

 public interface TestConfig {
- String DbContainerImage = "ghcr.io/gardenlinux/glvd-postgres:edgefulldata";
+ String DbContainerImage = "ghcr.io/gardenlinux/glvd-postgres:latest";
 }
diff --git a/src/test/resources/test-data/01-schema.sql b/src/test/resources/test-data/01-schema.sql
new file mode 100644
index 0000000..06a7512
--- /dev/null
+++ b/src/test/resources/test-data/01-schema.sql
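Review bot: `DbContainerImage` now points at the mutable `latest` tag, so the image under test can change between runs without any change in this repository, and a registry-side replacement of that tag would be pulled into CI unnoticed. Pinning by digest keeps the move away from `edgefulldata` while making the test input reproducible, e.g. `String DbContainerImage = "ghcr.io/gardenlinux/glvd-postgres@sha256:<digest-placeholder>";`, with the digest bumped deliberately. It also matters for the new init scripts: `01-schema.sql` uses plain `CREATE TABLE` and `CREATE VIEW` statements, so if a later `latest` image starts shipping the schema itself, container start-up would presumably fail on the duplicate objects.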
@@ -0,0 +1,401 @@ +CREATE EXTENSION IF NOT EXISTS debversion WITH SCHEMA public; + + +-- +-- Name: EXTENSION debversion; Type: COMMENT; Schema: -; Owner: +-- + +COMMENT ON EXTENSION debversion IS 'Debian version number data type'; + + +SET default_tablespace = ''; + +SET default_table_access_method = heap; + +-- +-- Name: all_cve; Type: TABLE; Schema: public; Owner: glvd +-- + +CREATE TABLE public.all_cve ( + cve_id text NOT NULL, + last_mod timestamp with time zone DEFAULT now() NOT NULL, + data json NOT NULL +); + + +ALTER TABLE public.all_cve OWNER TO glvd; + +-- +-- Name: cve_context; Type: TABLE; Schema: public; Owner: glvd +-- + +CREATE TABLE public.cve_context ( + dist_id integer NOT NULL, + cve_id text NOT NULL, + create_date timestamp with time zone DEFAULT now() NOT NULL, + context_descriptor text NOT NULL, + score_override numeric, + description text NOT NULL, + is_resolved boolean DEFAULT true +); + + +ALTER TABLE public.cve_context OWNER TO glvd; + +-- +-- Name: cve_with_context; Type: VIEW; Schema: public; Owner: glvd +-- + +CREATE VIEW public.cve_with_context AS + SELECT cve_context.dist_id, + cve_context.cve_id + FROM public.cve_context + GROUP BY cve_context.dist_id, cve_context.cve_id; + + +ALTER VIEW public.cve_with_context OWNER TO glvd; + +-- +-- Name: cvedetails; Type: VIEW; Schema: public; Owner: glvd +-- + +CREATE VIEW public.cvedetails AS +SELECT + NULL::text AS cve_id, + NULL::json AS vulnstatus, + NULL::json AS published, + NULL::text[] AS cve_context_description, + NULL::text[] AS distro, + NULL::text[] AS distro_version, + NULL::boolean[] AS is_vulnerable, + NULL::text[] AS source_package_name, + NULL::text[] AS source_package_version, + NULL::text[] AS version_fixed, + NULL::json AS description, + NULL::numeric AS base_score_v40, + NULL::numeric AS base_score_v31, + NULL::numeric AS base_score_v30, + NULL::numeric AS base_score_v2, + NULL::text AS vector_string_v40, + NULL::text AS vector_string_v31, + NULL::text AS vector_string_v30, 
+ NULL::text AS vector_string_v2; + + +ALTER VIEW public.cvedetails OWNER TO glvd; + +-- +-- Name: deb_cve; Type: TABLE; Schema: public; Owner: glvd +-- + +CREATE TABLE public.deb_cve ( + dist_id integer NOT NULL, + cve_id text NOT NULL, + last_mod timestamp with time zone DEFAULT now() NOT NULL, + cvss_severity integer, + deb_source text NOT NULL, + deb_version public.debversion NOT NULL, + deb_version_fixed public.debversion, + debsec_vulnerable boolean NOT NULL, + data_cpe_match json NOT NULL +); + + +ALTER TABLE public.deb_cve OWNER TO glvd; + +-- +-- Name: debsec_cve; Type: TABLE; Schema: public; Owner: glvd +-- + +CREATE TABLE public.debsec_cve ( + dist_id integer NOT NULL, + cve_id text NOT NULL, + last_mod timestamp with time zone DEFAULT now() NOT NULL, + deb_source text NOT NULL, + deb_version_fixed public.debversion, + debsec_tag text, + debsec_note text +); + + +ALTER TABLE public.debsec_cve OWNER TO glvd; + +-- +-- Name: debsrc; Type: TABLE; Schema: public; Owner: glvd +-- + +CREATE TABLE public.debsrc ( + dist_id integer NOT NULL, + last_mod timestamp with time zone DEFAULT now() NOT NULL, + deb_source text NOT NULL, + deb_version public.debversion NOT NULL +); + + +ALTER TABLE public.debsrc OWNER TO glvd; + +-- +-- Name: dist_cpe; Type: TABLE; Schema: public; Owner: glvd +-- + +CREATE TABLE public.dist_cpe ( + id integer NOT NULL, + cpe_vendor text NOT NULL, + cpe_product text NOT NULL, + cpe_version text NOT NULL, + deb_codename text NOT NULL +); + + +ALTER TABLE public.dist_cpe OWNER TO glvd; + +-- +-- Name: dist_cpe_id_seq; Type: SEQUENCE; Schema: public; Owner: glvd +-- + +CREATE SEQUENCE public.dist_cpe_id_seq + AS integer + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER SEQUENCE public.dist_cpe_id_seq OWNER TO glvd; + +-- +-- Name: dist_cpe_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: glvd +-- + +ALTER SEQUENCE public.dist_cpe_id_seq OWNED BY public.dist_cpe.id; + + +-- +-- Name: nvd_cve; Type: TABLE; 
Schema: public; Owner: glvd +-- + +CREATE TABLE public.nvd_cve ( + cve_id text NOT NULL, + last_mod timestamp with time zone NOT NULL, + data json NOT NULL +); + + +ALTER TABLE public.nvd_cve OWNER TO glvd; + +-- +-- Name: sourcepackagecve; Type: VIEW; Schema: public; Owner: glvd +-- + +CREATE VIEW public.sourcepackagecve AS + SELECT all_cve.cve_id, + deb_cve.deb_source AS source_package_name, + deb_cve.deb_version AS source_package_version, + dist_cpe.cpe_version AS gardenlinux_version, + ((deb_cve.debsec_vulnerable AND (cve_context.is_resolved IS NOT TRUE)) = true) AS is_vulnerable, + deb_cve.debsec_vulnerable, + cve_context.is_resolved, + (all_cve.data ->> 'published'::text) AS cve_published_date, + CASE + WHEN (((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric IS NOT NULL) THEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric + WHEN (((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric IS NOT NULL) THEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric + WHEN (((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric IS NOT NULL) THEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric + WHEN (((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric IS NOT NULL) THEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric + ELSE NULL::numeric + END AS base_score, + CASE + WHEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) IS NOT 
NULL) THEN (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) + WHEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) IS NOT NULL) THEN (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) + WHEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) IS NOT NULL) THEN (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) + WHEN ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) IS NOT NULL) THEN (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) + ELSE NULL::text + END AS vector_string, + ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v40, + ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v31, + ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v30, + ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v2, + (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v40, + (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v31, + (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v30, + (((((all_cve.data -> 'metrics'::text) -> 
'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v2 + FROM (((public.all_cve + JOIN public.deb_cve USING (cve_id)) + JOIN public.dist_cpe ON ((deb_cve.dist_id = dist_cpe.id))) + FULL JOIN public.cve_context USING (cve_id, dist_id)) + WHERE ((dist_cpe.cpe_product = 'gardenlinux'::text) AND (deb_cve.debsec_vulnerable = true)); + + +ALTER VIEW public.sourcepackagecve OWNER TO glvd; + +-- +-- Name: recentsourcepackagecve; Type: VIEW; Schema: public; Owner: glvd +-- + +CREATE VIEW public.recentsourcepackagecve AS + SELECT sourcepackagecve.cve_id, + sourcepackagecve.source_package_name, + sourcepackagecve.source_package_version, + sourcepackagecve.gardenlinux_version, + sourcepackagecve.is_vulnerable, + sourcepackagecve.cve_published_date, + sourcepackagecve.base_score, + sourcepackagecve.vector_string, + sourcepackagecve.base_score_v40, + sourcepackagecve.base_score_v31, + sourcepackagecve.base_score_v30, + sourcepackagecve.base_score_v2, + sourcepackagecve.vector_string_v40, + sourcepackagecve.vector_string_v31, + sourcepackagecve.vector_string_v30, + sourcepackagecve.vector_string_v2 + FROM public.sourcepackagecve + WHERE ((sourcepackagecve.cve_published_date)::timestamp with time zone > (now() - '10 days'::interval)); + + +ALTER VIEW public.recentsourcepackagecve OWNER TO glvd; + +-- +-- Name: sourcepackage; Type: VIEW; Schema: public; Owner: glvd +-- + +CREATE VIEW public.sourcepackage AS + SELECT debsrc.deb_source AS source_package_name, + debsrc.deb_version AS source_package_version, + dist_cpe.cpe_version AS gardenlinux_version + FROM (public.debsrc + JOIN public.dist_cpe ON ((debsrc.dist_id = dist_cpe.id))) + WHERE (dist_cpe.cpe_product = 'gardenlinux'::text); + + +ALTER VIEW public.sourcepackage OWNER TO glvd; + +-- +-- Name: dist_cpe id; Type: DEFAULT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.dist_cpe ALTER COLUMN id SET DEFAULT nextval('public.dist_cpe_id_seq'::regclass); + + +-- +-- Name: all_cve 
all_cve_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.all_cve + ADD CONSTRAINT all_cve_pkey PRIMARY KEY (cve_id); + + +-- +-- Name: cve_context cve_context_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.cve_context + ADD CONSTRAINT cve_context_pkey PRIMARY KEY (dist_id, cve_id, create_date, context_descriptor); + + +-- +-- Name: deb_cve deb_cve_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.deb_cve + ADD CONSTRAINT deb_cve_pkey PRIMARY KEY (dist_id, cve_id, deb_source); + + +-- +-- Name: debsec_cve debsec_cve_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.debsec_cve + ADD CONSTRAINT debsec_cve_pkey PRIMARY KEY (dist_id, cve_id, deb_source); + + +-- +-- Name: debsrc debsrc_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.debsrc + ADD CONSTRAINT debsrc_pkey PRIMARY KEY (dist_id, deb_source); + + +-- +-- Name: dist_cpe dist_cpe_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.dist_cpe + ADD CONSTRAINT dist_cpe_pkey PRIMARY KEY (id); + + +-- +-- Name: nvd_cve nvd_cve_pkey; Type: CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.nvd_cve + ADD CONSTRAINT nvd_cve_pkey PRIMARY KEY (cve_id); + + +-- +-- Name: deb_cve_search; Type: INDEX; Schema: public; Owner: glvd +-- + +CREATE INDEX deb_cve_search ON public.deb_cve USING btree (dist_id, debsec_vulnerable, deb_source, deb_version); + + +-- +-- Name: cvedetails _RETURN; Type: RULE; Schema: public; Owner: glvd +-- + +CREATE OR REPLACE VIEW public.cvedetails AS + SELECT all_cve.cve_id, + (all_cve.data -> 'vulnStatus'::text) AS vulnstatus, + (all_cve.data -> 'published'::text) AS published, + array_agg(cve_context.description) AS cve_context_description, + array_agg(dist_cpe.cpe_product) AS distro, + array_agg(dist_cpe.cpe_version) AS distro_version, + array_agg(deb_cve.debsec_vulnerable) AS 
is_vulnerable, + array_agg(deb_cve.deb_source) AS source_package_name, + array_agg((deb_cve.deb_version)::text) AS source_package_version, + array_agg((deb_cve.deb_version_fixed)::text) AS version_fixed, + (((all_cve.data -> 'descriptions'::text) -> 0) -> 'value'::text) AS description, + ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v40, + ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v31, + ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v30, + ((((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'baseScore'::text))::numeric AS base_score_v2, + (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV40'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v40, + (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV31'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v31, + (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV30'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v30, + (((((all_cve.data -> 'metrics'::text) -> 'cvssMetricV2'::text) -> 0) -> 'cvssData'::text) ->> 'vectorString'::text) AS vector_string_v2 + FROM (((public.all_cve + JOIN public.deb_cve USING (cve_id)) + JOIN public.dist_cpe ON ((deb_cve.dist_id = dist_cpe.id))) + FULL JOIN public.cve_context USING (cve_id, dist_id)) + GROUP BY all_cve.cve_id; + + +-- +-- Name: deb_cve deb_cve_dist_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.deb_cve + ADD CONSTRAINT deb_cve_dist_id_fkey FOREIGN KEY (dist_id) REFERENCES public.dist_cpe(id); + + +-- +-- Name: debsec_cve debsec_cve_dist_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY 
public.debsec_cve + ADD CONSTRAINT debsec_cve_dist_id_fkey FOREIGN KEY (dist_id) REFERENCES public.dist_cpe(id); + + +-- +-- Name: debsrc debsrc_dist_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: glvd +-- + +ALTER TABLE ONLY public.debsrc + ADD CONSTRAINT debsrc_dist_id_fkey FOREIGN KEY (dist_id) REFERENCES public.dist_cpe(id); + + +-- +-- PostgreSQL database dump complete +-- + diff --git a/src/test/resources/test-data/02-sample-data.sql b/src/test/resources/test-data/02-sample-data.sql new file mode 100644 index 0000000..e4988d4 --- /dev/null +++ b/src/test/resources/test-data/02-sample-data.sql 
@@ -0,0 +1,59 @@ +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (1, 'debian', 'debian_linux', '13', 'trixie'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (2, 'debian', 'debian_linux', '12', 'bookworm'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (3, 'debian', 'debian_linux', '', ''); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (4, 'debian', 'debian_linux', '11', 'bullseye'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (5, 'debian', 'debian_linux', '10', 'buster'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (6, 'debian', 'debian_linux', '9', 'stretch'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (7, 'debian', 'debian_linux', '8', 'jessie'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (8, 'debian', 'debian_linux', '7', 'wheezy'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (9, 'debian', 'debian_linux', '6.0', 'squeeze'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (10, 'debian', 'debian_linux', '5.0', 'lenny'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (11, 'debian', 'debian_linux', '4.0', 'etch'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (12, 'debian', 'debian_linux', '3.1', 'sarge'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (13, 'debian', 'debian_linux', '3.0', 'woody'); +INSERT INTO public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (14, 'sap', 'gardenlinux', 'today', 'today'); +INSERT INTO 
public.dist_cpe (id, cpe_vendor, cpe_product, cpe_version, deb_codename) VALUES (15, 'sap', 'gardenlinux', '1592.4', '1592'); + +INSERT INTO public.all_cve (cve_id, last_mod, data) VALUES ('CVE-2023-50387', '2024-12-06 11:25:13.831634+00', '{"id": "CVE-2023-50387", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-14T16:15:45.300", "lastModified": "2024-11-21T08:36:56.937", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records."}, {"lang": "es", "value": "Ciertos aspectos DNSSEC del protocolo DNS (en RFC 4035 y RFC relacionados) permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una o m\u00e1s respuestas DNSSEC cuando hay una zona con muchos registros DNSKEY y RRSIG, tambi\u00e9n conocido como \"KeyTrap\". \" asunto. 
La especificaci\u00f3n del protocolo implica que un algoritmo debe evaluar todas las combinaciones de registros DNSKEY y RRSIG."}], "metrics": {"cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "nvd@nist.gov", "type": "Primary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"vulnerable": true, "criteria": 
"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", "matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "964796B3-BA45-4180-A8DA-64CF93CED122"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nic:knot_resolver:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.71", "matchCriteriaId": "8A8328E8-C652-4262-8C00-D89AD8F75CCF"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8.0", "versionEndExcluding": "4.8.6", "matchCriteriaId": "5207D316-7DC9-4724-BC48-C8D3EC5087E8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.0", "versionEndExcluding": "4.9.3", "matchCriteriaId": "FEE64451-7CB9-45BD-8168-9F48199A9363"}, {"vulnerable": true, "criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.2", "matchCriteriaId": "0526B76D-52BB-4FA1-B692-8EDEC673EAE5"}]}]}, {"nodes": [{"operator": "OR", "negate": false, 
"cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.0.0", "versionEndIncluding": "9.16.46", "matchCriteriaId": "F3814976-5223-4615-BA7B-E33083D3EC26"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.18.0", "versionEndIncluding": "9.18.22", "matchCriteriaId": "140CCABA-F134-4CC2-9960-258D6BFF34DD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.19.0", "versionEndIncluding": "9.19.20", "matchCriteriaId": "71BAD5BF-8532-4988-A772-6CD7B851E9E2"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.19.1", "matchCriteriaId": "8C094EEB-BAD6-495B-B1CB-671D31549F15"}]}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=pdns-recursor", "deb": {"versionLatest": "4.8.8-1", "cvssSeverity": "HIGH", "versionEndExcluding": "4.9.3-1"}, "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=bind9", "deb": {"versionLatest": "1:9.18.28-1~deb12u2", "cvssSeverity": "HIGH", "versionEndExcluding": "1:9.19.21-1"}, "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=dnsmasq", "deb": {"versionLatest": "2.89-1", "cvssSeverity": "HIGH"}, "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=knot-resolver", "deb": {"versionLatest": "5.6.0-1+deb12u1", "cvssSeverity": "HIGH", "versionEndExcluding": "5.7.1-1"}, "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=unbound", "deb": {"versionLatest": "1.17.1-2+deb12u2", "cvssSeverity": "HIGH", "versionEndExcluding": "1.19.1-1"}, "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=systemd", "deb": {"versionLatest": 
"252.31-1~deb12u1", "cvssSeverity": "HIGH", "versionEndExcluding": "252.23-1~deb12u1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=dnsjava", "deb": {"versionLatest": "2.1.8-2", "cvssSeverity": "HIGH"}, "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=pdns-recursor", "deb": {"versionLatest": "5.1.3-1", "cvssSeverity": "HIGH", "versionEndExcluding": "4.9.3-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=unbound", "deb": {"versionLatest": "1.22.0-1", "cvssSeverity": "HIGH", "versionEndExcluding": "1.19.1-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=bind9", "deb": {"versionLatest": "1:9.20.3-1", "cvssSeverity": "HIGH", "versionEndExcluding": "1:9.19.21-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=dnsmasq", "deb": {"versionLatest": "2.90-5", "cvssSeverity": "HIGH", "versionEndExcluding": "2.90-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=knot-resolver", "deb": {"versionLatest": "5.7.4-2", "cvssSeverity": "HIGH", "versionEndExcluding": "5.7.1-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=systemd", "deb": {"versionLatest": "257~rc3-1", "cvssSeverity": "HIGH", "versionEndExcluding": "255.4-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:sap:gardenlinux:1592.4:*:*:*:*:*:*:deb_source\\=bind9", "deb": {"versionLatest": "1:9.20.0-2", "cvssSeverity": "HIGH", "versionEndExcluding": "1:9.19.21-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:sap:gardenlinux:1592.4:*:*:*:*:*:*:deb_source\\=dnsmasq", "deb": {"versionLatest": "2.90-4", "cvssSeverity": "HIGH", "versionEndExcluding": "2.90-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:sap:gardenlinux:1592.4:*:*:*:*:*:*:deb_source\\=systemd", "deb": {"versionLatest": 
"256.4-2gardenlinux0", "cvssSeverity": "HIGH", "versionEndExcluding": "255.4-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:sap:gardenlinux:1592.4:*:*:*:*:*:*:deb_source\\=unbound", "deb": {"versionLatest": "1.20.0-1", "cvssSeverity": "HIGH", "versionEndExcluding": "1.19.1-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:sap:gardenlinux:today:*:*:*:*:*:*:deb_source\\=systemd", "deb": {"versionLatest": "256.8-0gl0", "cvssSeverity": "HIGH", "versionEndExcluding": "255.4-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:sap:gardenlinux:today:*:*:*:*:*:*:deb_source\\=bind9", "deb": {"versionLatest": "1:9.19.24-2gl0", "cvssSeverity": "HIGH", "versionEndExcluding": "1:9.19.21-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:sap:gardenlinux:today:*:*:*:*:*:*:deb_source\\=dnsmasq", "deb": {"versionLatest": "2.90-5", "cvssSeverity": "HIGH", "versionEndExcluding": "2.90-1"}, "vulnerable": false}, {"criteria": "cpe:2.3:o:sap:gardenlinux:today:*:*:*:*:*:*:deb_source\\=unbound", "deb": {"versionLatest": "1.22.0-1", "cvssSeverity": "HIGH", "versionEndExcluding": "1.19.1-1"}, "vulnerable": false}], "negate": false, "operator": "OR"}]}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-50387", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "source": "cve@mitre.org", "tags": ["Issue Tracking"]}, {"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "source": "cve@mitre.org", "tags": ["Patch"]}, {"url": "https://kb.isc.org/docs/cve-2023-50387", "source": 
"cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "source": "cve@mitre.org"}, {"url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "source": "cve@mitre.org"}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://news.ycombinator.com/item?id=39367411", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://news.ycombinator.com/item?id=39372384", "source": "cve@mitre.org", "tags": ["Issue Tracking"]}, {"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0007/", "source": "cve@mitre.org"}, {"url": "https://www.athene-center.de/aktuelles/key-trap", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"]}, {"url": "https://www.isc.org/blogs/2024-bind-security-release/", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "source": "cve@mitre.org", "tags": ["Press/Media Coverage", "Third Party Advisory"]}, {"url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/", "source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, 
{"url": "https://access.redhat.com/security/cve/CVE-2023-50387", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"]}, {"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"]}, {"url": "https://kb.isc.org/docs/cve-2023-50387", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://news.ycombinator.com/item?id=39367411", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://news.ycombinator.com/item?id=39372384", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"]}, {"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0007/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": 
"https://www.athene-center.de/aktuelles/key-trap", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"]}, {"url": "https://www.isc.org/blogs/2024-bind-security-release/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Press/Media Coverage", "Third Party Advisory"]}, {"url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}]}'); + +INSERT INTO public.cve_context (dist_id, cve_id, create_date, context_descriptor, score_override, description, is_resolved) VALUES (14, 'CVE-2023-50387', '2024-12-06 11:25:25.922465+00', 'dummy', NULL, 'automated dummy data', true); + +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (2, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'bind9', '1:9.18.28-1~deb12u2', '1:9.19.21-1', true, '{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=bind9", "deb": {"versionLatest": "1:9.18.28-1~deb12u2", "cvssSeverity": "HIGH", "versionEndExcluding": "1:9.19.21-1"}, "vulnerable": true}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (2, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'dnsmasq', '2.89-1', NULL, true, '{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=dnsmasq", "deb": {"versionLatest": "2.89-1", "cvssSeverity": "HIGH"}, 
"vulnerable": true}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (2, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'knot-resolver', '5.6.0-1+deb12u1', '5.7.1-1', true, '{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=knot-resolver", "deb": {"versionLatest": "5.6.0-1+deb12u1", "cvssSeverity": "HIGH", "versionEndExcluding": "5.7.1-1"}, "vulnerable": true}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (2, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'pdns-recursor', '4.8.8-1', '4.9.3-1', true, '{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=pdns-recursor", "deb": {"versionLatest": "4.8.8-1", "cvssSeverity": "HIGH", "versionEndExcluding": "4.9.3-1"}, "vulnerable": true}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (2, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'unbound', '1.17.1-2+deb12u2', '1.19.1-1', true, '{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=unbound", "deb": {"versionLatest": "1.17.1-2+deb12u2", "cvssSeverity": "HIGH", "versionEndExcluding": "1.19.1-1"}, "vulnerable": true}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (2, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'systemd', '252.31-1~deb12u1', '252.23-1~deb12u1', false, '{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=systemd", "deb": {"versionLatest": "252.31-1~deb12u1", "cvssSeverity": "HIGH", "versionEndExcluding": "252.23-1~deb12u1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, 
cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (2, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'dnsjava', '2.1.8-2', NULL, true, '{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=dnsjava", "deb": {"versionLatest": "2.1.8-2", "cvssSeverity": "HIGH"}, "vulnerable": true}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (1, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'bind9', '1:9.20.3-1', '1:9.19.21-1', false, '{"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=bind9", "deb": {"versionLatest": "1:9.20.3-1", "cvssSeverity": "HIGH", "versionEndExcluding": "1:9.19.21-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (1, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'dnsmasq', '2.90-5', '2.90-1', false, '{"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=dnsmasq", "deb": {"versionLatest": "2.90-5", "cvssSeverity": "HIGH", "versionEndExcluding": "2.90-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (1, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'knot-resolver', '5.7.4-2', '5.7.1-1', false, '{"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=knot-resolver", "deb": {"versionLatest": "5.7.4-2", "cvssSeverity": "HIGH", "versionEndExcluding": "5.7.1-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (1, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'pdns-recursor', '5.1.3-1', 
'4.9.3-1', false, '{"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=pdns-recursor", "deb": {"versionLatest": "5.1.3-1", "cvssSeverity": "HIGH", "versionEndExcluding": "4.9.3-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (1, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'unbound', '1.22.0-1', '1.19.1-1', false, '{"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=unbound", "deb": {"versionLatest": "1.22.0-1", "cvssSeverity": "HIGH", "versionEndExcluding": "1.19.1-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (1, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'systemd', '257~rc3-1', '255.4-1', false, '{"criteria": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:deb_source\\=systemd", "deb": {"versionLatest": "257~rc3-1", "cvssSeverity": "HIGH", "versionEndExcluding": "255.4-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (14, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'bind9', '1:9.19.24-2gl0', '1:9.19.21-1', false, '{"criteria": "cpe:2.3:o:sap:gardenlinux:today:*:*:*:*:*:*:deb_source\\=bind9", "deb": {"versionLatest": "1:9.19.24-2gl0", "cvssSeverity": "HIGH", "versionEndExcluding": "1:9.19.21-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (14, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'dnsmasq', '2.90-5', '2.90-1', false, '{"criteria": "cpe:2.3:o:sap:gardenlinux:today:*:*:*:*:*:*:deb_source\\=dnsmasq", "deb": {"versionLatest": "2.90-5", 
"cvssSeverity": "HIGH", "versionEndExcluding": "2.90-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (14, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'unbound', '1.22.0-1', '1.19.1-1', false, '{"criteria": "cpe:2.3:o:sap:gardenlinux:today:*:*:*:*:*:*:deb_source\\=unbound", "deb": {"versionLatest": "1.22.0-1", "cvssSeverity": "HIGH", "versionEndExcluding": "1.19.1-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (14, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'systemd', '256.8-0gl0', '255.4-1', false, '{"criteria": "cpe:2.3:o:sap:gardenlinux:today:*:*:*:*:*:*:deb_source\\=systemd", "deb": {"versionLatest": "256.8-0gl0", "cvssSeverity": "HIGH", "versionEndExcluding": "255.4-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (15, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'bind9', '1:9.20.0-2', '1:9.19.21-1', false, '{"criteria": "cpe:2.3:o:sap:gardenlinux:1592.4:*:*:*:*:*:*:deb_source\\=bind9", "deb": {"versionLatest": "1:9.20.0-2", "cvssSeverity": "HIGH", "versionEndExcluding": "1:9.19.21-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (15, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'dnsmasq', '2.90-4', '2.90-1', false, '{"criteria": "cpe:2.3:o:sap:gardenlinux:1592.4:*:*:*:*:*:*:deb_source\\=dnsmasq", "deb": {"versionLatest": "2.90-4", "cvssSeverity": "HIGH", "versionEndExcluding": "2.90-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, 
deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (15, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'unbound', '1.20.0-1', '1.19.1-1', false, '{"criteria": "cpe:2.3:o:sap:gardenlinux:1592.4:*:*:*:*:*:*:deb_source\\=unbound", "deb": {"versionLatest": "1.20.0-1", "cvssSeverity": "HIGH", "versionEndExcluding": "1.19.1-1"}, "vulnerable": false}'); +INSERT INTO public.deb_cve (dist_id, cve_id, last_mod, cvss_severity, deb_source, deb_version, deb_version_fixed, debsec_vulnerable, data_cpe_match) VALUES (15, 'CVE-2023-50387', '2024-12-06 11:24:50.627702+00', 4, 'systemd', '256.4-2gardenlinux0', '255.4-1', false, '{"criteria": "cpe:2.3:o:sap:gardenlinux:1592.4:*:*:*:*:*:*:deb_source\\=systemd", "deb": {"versionLatest": "256.4-2gardenlinux0", "cvssSeverity": "HIGH", "versionEndExcluding": "255.4-1"}, "vulnerable": false}'); + +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (3, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'bind9', '1:9.19.21-1', NULL, NULL); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (3, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'dnsmasq', '2.90-1', NULL, NULL); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (3, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'knot-resolver', '5.7.1-1', NULL, NULL); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (3, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'pdns-recursor', '4.9.3-1', NULL, 'bug #1063852'); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (3, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'unbound', '1.19.1-1', NULL, 'bug #1063845'); +INSERT INTO public.debsec_cve 
(dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (3, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'systemd', '255.4-1', NULL, NULL); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (3, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'dnsjava', NULL, 'unfixed', 'bug #1077750'); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (2, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'dnsmasq', NULL, 'no-dsa', 'Update proposed for next point release'); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (2, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'systemd', '252.23-1~deb12u1', NULL, NULL); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (2, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'dnsjava', NULL, 'no-dsa', 'Minor issue'); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (4, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'knot-resolver', NULL, 'ignored', 'Too intrusive to backport, if DNSSEC is used Bookworm can be used'); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (4, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'pdns-recursor', NULL, 'end-of-life', 'No longer supported with security updates in Bullseye'); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (4, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'dnsjava', NULL, 'no-dsa', 'Minor issue'); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (5, 
'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'knot-resolver', NULL, 'ignored', 'Too intrusive to backport'); +INSERT INTO public.debsec_cve (dist_id, cve_id, last_mod, deb_source, deb_version_fixed, debsec_tag, debsec_note) VALUES (5, 'CVE-2023-50387', '2024-12-06 09:56:43.512384+00', 'systemd', NULL, 'no-dsa', 'DNSSEC is disabled by default in systemd-resolved; can be fixed via point release'); + +INSERT INTO public.nvd_cve (cve_id, last_mod, data) VALUES ('CVE-2023-50387', '2024-11-21 08:36:56.937+00', '{"id": "CVE-2023-50387", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-14T16:15:45.300", "lastModified": "2024-11-21T08:36:56.937", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records."}, {"lang": "es", "value": "Ciertos aspectos DNSSEC del protocolo DNS (en RFC 4035 y RFC relacionados) permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una o m\u00e1s respuestas DNSSEC cuando hay una zona con muchos registros DNSKEY y RRSIG, tambi\u00e9n conocido como \"KeyTrap\". \" asunto. 
La especificaci\u00f3n del protocolo implica que un algoritmo debe evaluar todas las combinaciones de registros DNSKEY y RRSIG."}], "metrics": {"cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "nvd@nist.gov", "type": "Primary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"vulnerable": true, "criteria": 
"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", "matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.90", "matchCriteriaId": "964796B3-BA45-4180-A8DA-64CF93CED122"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nic:knot_resolver:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.71", "matchCriteriaId": "8A8328E8-C652-4262-8C00-D89AD8F75CCF"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8.0", "versionEndExcluding": "4.8.6", "matchCriteriaId": "5207D316-7DC9-4724-BC48-C8D3EC5087E8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.0", "versionEndExcluding": "4.9.3", "matchCriteriaId": "FEE64451-7CB9-45BD-8168-9F48199A9363"}, {"vulnerable": true, "criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.2", "matchCriteriaId": "0526B76D-52BB-4FA1-B692-8EDEC673EAE5"}]}]}, {"nodes": [{"operator": "OR", "negate": false, 
"cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.0.0", "versionEndIncluding": "9.16.46", "matchCriteriaId": "F3814976-5223-4615-BA7B-E33083D3EC26"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.18.0", "versionEndIncluding": "9.18.22", "matchCriteriaId": "140CCABA-F134-4CC2-9960-258D6BFF34DD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.19.0", "versionEndIncluding": "9.19.20", "matchCriteriaId": "71BAD5BF-8532-4988-A772-6CD7B851E9E2"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.19.1", "matchCriteriaId": "8C094EEB-BAD6-495B-B1CB-671D31549F15"}]}]}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-50387", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "source": "cve@mitre.org", "tags": ["Issue Tracking"]}, {"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "source": "cve@mitre.org", "tags": ["Patch"]}, {"url": "https://kb.isc.org/docs/cve-2023-50387", "source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "source": "cve@mitre.org"}, {"url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "source": "cve@mitre.org", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "source": "cve@mitre.org"}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": 
"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://news.ycombinator.com/item?id=39367411", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://news.ycombinator.com/item?id=39372384", "source": "cve@mitre.org", "tags": ["Issue Tracking"]}, {"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "source": "cve@mitre.org", "tags": ["Vendor Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0007/", "source": "cve@mitre.org"}, {"url": "https://www.athene-center.de/aktuelles/key-trap", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"]}, {"url": "https://www.isc.org/blogs/2024-bind-security-release/", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "source": "cve@mitre.org", "tags": ["Press/Media Coverage", "Third Party Advisory"]}, {"url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/", "source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-50387", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"]}, {"url": 
"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"]}, {"url": "https://kb.isc.org/docs/cve-2023-50387", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://news.ycombinator.com/item?id=39367411", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://news.ycombinator.com/item?id=39372384", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"]}, {"url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0007/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.athene-center.de/aktuelles/key-trap", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
["Technical Description", "Third Party Advisory"]}, {"url": "https://www.isc.org/blogs/2024-bind-security-release/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Press/Media Coverage", "Third Party Advisory"]}, {"url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}]}');