If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.
This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/06/21/6 | Mailing List Patch Third Party Advisory |
https://kb.isc.org/docs/cve-2023-2911 | Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/ | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230703-0010/ | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5439 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
03 Jul 2023, 19:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Debian Netapp h300s Firmware Netapp h410s Fedoraproject fedora Netapp h410s Firmware Netapp h500s Firmware Isc Netapp Netapp h410c Firmware Netapp active Iq Unified Manager Netapp h700s Netapp h410c Netapp h700s Firmware Netapp h300s Debian debian Linux Isc bind Netapp h500s |
|
References | (MISC) https://www.debian.org/security/2023/dsa-5439 - Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/ - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/ - Mailing List, Third Party Advisory | |
References | (MISC) https://security.netapp.com/advisory/ntap-20230703-0010/ - Third Party Advisory | |
References | (MISC) http://www.openwall.com/lists/oss-security/2023/06/21/6 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://kb.isc.org/docs/cve-2023-2911 - Vendor Advisory | |
CPE | cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* |
|
CWE | CWE-787 |
03 Jul 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jun 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jun 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jun 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jun 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jun 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-21 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-2911
Mitre link : CVE-2023-2911
CVE.ORG link : CVE-2023-2911
JSON object : View
Products Affected
netapp
- h410c
- h500s
- h700s_firmware
- h410s
- h500s_firmware
- h700s
- h300s
- h300s_firmware
- active_iq_unified_manager
- h410s_firmware
- h410c_firmware
isc
- bind
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write