CVE-2023-28456

An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.
Configurations

Configuration 1 (hide)

cpe:2.3:a:technitium:dnsserver:*:*:*:*:*:*:*:*

History

22 Apr 2025, 14:19

Type Values Removed Values Added
CPE cpe:2.3:a:technitium:dnsserver:*:*:*:*:*:*:*:*
First Time Technitium dnsserver
Technitium
References () https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3 - () https://gist.github.com/idealeer/89947ca07836fd0f7e9761198ca9a0f3 - Third Party Advisory
References () https://technitium.com/dns/ - () https://technitium.com/dns/ - Product

Information

Published : 2024-09-18 15:15

Updated : 2025-04-22 14:19


NVD link : CVE-2023-28456

Mitre link : CVE-2023-28456

CVE.ORG link : CVE-2023-28456


JSON object : View

Products Affected

technitium

  • dnsserver
CWE
CWE-406

Insufficient Control of Network Message Volume (Network Amplification)