oss-sec mailing list archives
Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
From: Solar Designer <solar () openwall com>
Date: Fri, 16 Feb 2024 20:27:51 +0100
On Fri, Feb 16, 2024 at 11:10:08AM -0800, Alan Coopersmith wrote:
For those who want more details on the CVE-2023-50387 flaw itself, the researchers have now published their paper at https://www.athene-center.de/en/keytrap (see the PDF link in the "Technical Report" section).
Also, ISC published a blog post on both DNSSEC issues: https://www.isc.org/blogs/2024-bind-security-release/ And there's a collection of many other related links here: https://infosec.exchange/@tychotithonus/111924626712765292 It's possibly still being updated. May need to click "SHOW MORE" to see them all. Alexander
Current thread:
- Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Yorgos Thessalonikefs (Feb 13)
- Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Alan Coopersmith (Feb 13)
- Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 13)
- Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 13)
- Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Alan Coopersmith (Feb 16)
- Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 16)
- Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Solar Designer (Feb 13)
- Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities Alan Coopersmith (Feb 13)