HIGH🇬🇧 English

CVE-2023-28451

CVSS 7.5v3.1pub. 2024-09-18upd. 2025-04-22

An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit would be widespread and highly impactful, because the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Technitium Dnsserver

    APP
    Technitium
    11.0.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-42255HIGH7.2ten sam produkt

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.

CVE-2025-50334HIGH7.5ten sam produkt

An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-li...

CVE-2024-56089HIGH7.5ten sam produkt

An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fa...

CVE-2023-49203HIGH7.5ten sam produkt

Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the D...

CVE-2023-28455HIGH7.5ten sam produkt

An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query ...