PT-2024-12218 · Dnspython+10 · Dnspython+10

Rthalley

Published

2024-02-09

Updated

2026-03-09

CVE-2023-29483

CVSS v3.1

7.0

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions dnspython versions prior to 2.6.1 eventlet versions prior to 0.35.2

Description The issue allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, also known as a "TuDoor" attack. This occurs because the DNS name resolution algorithm does not wait for a valid packet within the full time window, due to the behavior of eventlet and dnspython.

Recommendations For dnspython versions prior to 2.6.1, update to version 2.6.1 or later. For eventlet versions prior to 0.35.2, update to version 0.35.2 or later.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-292CWE-20CWE-696

Related Identifiers

ALSA-2024:3275

ALSA-2024:9423

ALT-PU-2024-3293

BDU:2025-03301

CESA-2024_3275

CVE-2023-29483

GHSA-3RQ5-2G8H-59HC

INFSA-2024_3275

INFSA-2024_9423

OESA-2025-1138

OESA-2025-1139

OPENSUSE-SU-2024:14047-1

OPENSUSE-SU-2024:14062-1

OPENSUSE-SU-2024_2655-1

OPENSUSE-SU-2024_3298-1

OPENSUSE-SU-2026:10312-1

RHSA-2024:0045

RHSA-2024:3275

RHSA-2024:9423

RHSA-2024_3275

RHSA-2024_9423

RLSA-2024:3275

RLSA-2024:9423

SUSE-SU-2024:2605-1

SUSE-SU-2024:2626-1

SUSE-SU-2024:2655-1

SUSE-SU-2024:3297-1

SUSE-SU-2024:3298-1

SUSE-SU-2024_2605-1

SUSE-SU-2024_2655-1

SUSE-SU-2024_3297-1

SUSE-SU-2024_3298-1

SUSE-SU-2025:20119-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Red Hat

Red Os

Rocky Linux

Suse

Zvirt Node

Dnspython

Eventlet

PT-2024-12218 · Dnspython+10 · Dnspython+10

CVE-2023-29483

Weakness Enumeration

Related Identifiers

Affected Products

References · 76