(mirror snapshot of: https://infosec.exchange/@tychotithonus/111924626712765292)
summary: new DNSSEC validation DoS vulnerabilities CVE-2023-50387 ("KeyTrap"), CVE-2023-50868 (NSEC3 vuln)
(living doc, updated regularly - if you prefer a low-edit post to boost, use https://infosec.exchange/@tychotithonus/111926621712441626)
Looks like DNS-OARC coordinated fixes in advance, but I don't see a centralized analysis, other than this announcement from the team who discovered KeyTrap: https://www.athene-center.de/en/news/press/key-trap ... and their technical paper: https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf