7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.9%
Medium
Canonical Ubuntu
It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run sudo pro fix USN-6421-1
to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libisc160 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccc-export140-udeb – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libdns162 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libbind-dev – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libbind9-140 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccc-export140 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccfg-export140 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 bind9 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisc-export160 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 bind9-doc – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libbind-export-dev – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccc140 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 host – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libisccfg140 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 bind9-host – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 dnsutils – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libdns-export162 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 bind9utils – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 liblwres141 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libirs141 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 libirs-export141 – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 lwresd – 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro
CVEs contained in this USN include: CVE-2023-3341.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2023-12-04: Initial vulnerability report published.
CPE | Name | Operator | Version |
---|---|---|---|
cf deployment | lt | 30.0.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.9%