Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Technitium
  • Dns Server

No data.

No data.

References
Link Providers
https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3. cve-icon cve-icon
https://technitium.com/dns/ cve-icon cve-icon
History

Wed, 18 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Technitium
Technitium dns Server
Weaknesses CWE-406
CPEs cpe:2.3:a:technitium:dns_server:*:*:*:*:*:*:*:*
Vendors & Products Technitium
Technitium dns Server
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Description Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-18T18:20:55.994Z

Reserved: 2023-11-23T00:00:00

Link: CVE-2023-49203

cve-icon Vulnrichment

Updated: 2024-09-18T18:20:46.241Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-18T15:15:14.513

Modified: 2024-09-20T12:30:17.483

Link: CVE-2023-49203

cve-icon Redhat

No data.