Denial of Service Vulnerability in Technitium DNS Resolvers
CVE-2023-28455

7.5HIGH

Key Information:

Vendor: Technitium
Status: Dnsserver
Vendor: CVE Published:; 18 September 2024

What is CVE-2023-28455?

A vulnerability in the Technitium DNS Server, specifically in the forwarding mode, has been identified that enables malicious actors to craft a query loop. This can lead to amplification attacks, resulting in significant service interruptions and potential denial of service situations. The issue primarily impacts versions up to 11.0.2 and poses a serious threat to the integrity and availability of DNS services. Organizations using affected versions should assess their systems for susceptibility and consider remediation strategies to prevent exploitation.

References

https://technitium.com/dns/

https://gist.github.com/idealeer/89947ca07836fd0f7e976119...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024
Vulnerability Reserved
Mar 15, 2023

CVE-2023-28455 Data

JSON