Vulnerability Details : CVE-2023-29483
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
Exploit prediction scoring system (EPSS) score for CVE-2023-29483
0.04%: Probability of exploitation activity in the next 30 days
~ 9%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-29483
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.0 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H | 2.2 | 4.7 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-08-27 |
CWE ids for CVE-2023-29483
-
Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-29483
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/
  [SECURITY] Fedora 39 Update: python-dns-2.6.1-1.fc39 - package-announce - Fedora Mailing-Lists
- https://github.com/rthalley/dnspython/issues/1045
  Potential DoS via the Tudoor mechanism (CVE-2023-29483) · Issue #1045 · rthalley/dnspython · GitHub
- https://security.snyk.io/vuln/SNYK-PYTHON-DNSPYTHON-6241713
  Incorrect Behavior Order in dnspython | CVE-2023-29483 | Snyk
- https://github.com/rthalley/dnspython/releases/tag/v2.6.0
  Release dnspython 2.6.0 · rthalley/dnspython · GitHub
- https://github.com/eventlet/eventlet/releases/tag/v0.35.2
  Release v0.35.2: 0.35.2 · eventlet/eventlet · GitHub
- https://www.dnspython.org/
  dnspython | dnspython
- https://github.com/eventlet/eventlet/issues/913
  Dnspython 2.6.0rc1 dns.query.udp() API change heads-up · Issue #913 · eventlet/eventlet · GitHub
- https://security.netapp.com/advisory/ntap-20240510-0001/
  CVE-2023-29483 Dnspython Vulnerability in NetApp Products | NetApp Product Security
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
  [SECURITY] Fedora 38 Update: python-dns-2.3.0-3.fc38 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/
  [SECURITY] Fedora 40 Update: python-dns-2.6.1-1.fc40 - package-announce - Fedora Mailing-Lists