{"id":"AZL-34441","summary":"CVE-2023-50868 affecting package unbound for versions less than 1.19.1-1","details":"The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.","modified":"2026-04-01T05:11:27.204614Z","published":"2024-02-14T16:15:45Z","upstream":["CVE-2023-50868"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50868"}],"affected":[{"package":{"name":"unbound","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/unbound"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.19.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34441.json"}}],"schema_version":"1.7.5"}