CVE-2023-28451

An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit would be widespread and highly impactful, because the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3.	Broken Link
https://technitium.com/dns/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:technitium:dnsserver:11.0.2:*:*:*:*:*:*:*

History

22 Apr 2025, 14:18

Type	Values Removed	Values Added
CPE		cpe:2.3:a:technitium:dnsserver:11.0.2:::::::*
First Time		Technitium dnsserver Technitium
References	~~() https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3. -~~	() https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3. - Broken Link
References	~~() https://technitium.com/dns/ -~~	() https://technitium.com/dns/ - Product

Information

Published : 2024-09-18 15:15

Updated : 2025-04-22 14:18

NVD link : CVE-2023-28451

Mitre link : CVE-2023-28451

CVE.ORG link : CVE-2023-28451

JSON object : View

Products Affected

technitium

dnsserver

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-28451", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-09-18T15:15:13.900", "references": [{"url": "https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3.", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://technitium.com/dns/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit would be widespread and highly impactful, because the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Technitium 11.0.2. Existe una vulnerabilidad (denominada BadDNS) en el software de resoluci\u00f3n de DNS, que hace que un solucionador ignore las respuestas v\u00e1lidas, lo que provoca una denegaci\u00f3n de servicio (DoS) para una resoluci\u00f3n normal. Los efectos de una explotaci\u00f3n ser\u00edan generalizados y de gran impacto, porque el atacante podr\u00eda simplemente falsificar una respuesta dirigida al puerto de origen de un solucionador vulnerable sin necesidad de adivinar el TXID correcto."}], "lastModified": "2025-04-22T14:18:15.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:technitium:dnsserver:11.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEEBE7B3-3742-4A49-97C2-18AFC6BD3368"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}