DNS Name Resolution Vulnerability in dnspython Affecting Eventlet
CVE-2023-29483

7HIGH

Key Information:

Vendor: Eventlet
Status: Eventlet
Vendor: CVE Published:; 11 April 2024

What is CVE-2023-29483?

The vulnerability in dnspython versions prior to 2.6.0, when used alongside Eventlet, allows remote attackers to interfere with DNS name resolution. Attackers can exploit this by sending a stream of invalid packets from a seemingly valid IP address and source port. Due to the lack of an effective handling mechanism, dnspython fails to wait for a valid response within a designated timeframe, thereby leading to potential service disruption. While dnspython 2.6.0 introduced problematic functionalities, the subsequent release, 2.6.1, addresses these issues, making it critical for users to stay updated to maintain the integrity of DNS operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.dnspython.org/

https://github.com/rthalley/dnspython/releases/tag/v2.6.0

https://github.com/rthalley/dnspython/issues/1045

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2024
Vulnerability Reserved
Apr 7, 2023

JSON

Eventlet

What is CVE-2023-29483?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.