Vulnerability DatabaseCVE-2023-29483
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-29483
April 11, 2024
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
Affected Packages
dnspython (PYTHON):
Affected version(s) >=1.0.0 <2.6.1
Fix Suggestion:
Update to version 2.6.1
eventlet (PYTHON):
Affected version(s) >=0.2 <0.35.2
Fix Suggestion:
Update to version 0.35.2
Related ResourcesĀ (21)
https://github.com/rthalley/dnspython/releases/tag/v2.6.0
https://nvd.nist.gov/vuln/detail/CVE-2023-29483
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
https://github.com/eventlet/eventlet/releases/tag/v0.35.2
https://www.dnspython.org
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
https://security-tracker.debian.org/tracker/CVE-2023-29483
https://security.netapp.com/advisory/ntap-20240510-0001/
https://github.com/eventlet/eventlet/commit/51e3c4928d4938beb576eff34f3bf97e6e64e6b4
https://github.com/rthalley/dnspython/commit/0ea5ad0a4583e1f519b9bcc67cfac381230d9cf2
https://github.com/rthalley/dnspython/issues/1045
https://security.netapp.com/advisory/ntap-20240510-0001
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/
https://github.com/eventlet/eventlet/issues/913
https://www.dnspython.org/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF
https://github.com/eventlet/eventlet
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.0
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
HIGH
Weakness Type (CWE)
Incorrect Behavior Order
CWE-696
EPSS
Base Score:
5.0