rpm package
suse/libuv&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
pkg:rpm/suse/libuv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-50868 | — | < 1.18.0-150000.3.2.1 | 1.18.0-150000.3.2.1 | Feb 14, 2024 | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 51 | ||
| CVE-2023-50387 | — | < 1.18.0-150000.3.2.1 | 1.18.0-150000.3.2.1 | Feb 14, 2024 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with man | ||
| CVE-2023-6516 | — | < 1.18.0-150000.3.2.1 | 1.18.0-150000.3.2.1 | Feb 13, 2024 | To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first alloc | ||
| CVE-2023-5517 | — | < 1.18.0-150000.3.2.1 | 1.18.0-150000.3.2.1 | Feb 13, 2024 | A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect ;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response | ||
| CVE-2023-4408 | — | < 1.18.0-150000.3.2.1 | 1.18.0-150000.3.2.1 | Feb 13, 2024 | The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. T |
- CVE-2023-50868Feb 14, 2024affected < 1.18.0-150000.3.2.1fixed 1.18.0-150000.3.2.1
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 51
- CVE-2023-50387Feb 14, 2024affected < 1.18.0-150000.3.2.1fixed 1.18.0-150000.3.2.1
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with man
- CVE-2023-6516Feb 13, 2024affected < 1.18.0-150000.3.2.1fixed 1.18.0-150000.3.2.1
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first alloc
- CVE-2023-5517Feb 13, 2024affected < 1.18.0-150000.3.2.1fixed 1.18.0-150000.3.2.1
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect ;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response
- CVE-2023-4408Feb 13, 2024affected < 1.18.0-150000.3.2.1fixed 1.18.0-150000.3.2.1
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. T