CVE-2023-2911

2023-06-2100:00:00

ubuntu.com

cve-2023-2911; bind 9; resolver; stack overflow; vulnerability; serve-stale; isc-dhcp; unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

49.4%

JSON

If the recursive-clients quota is reached on a BIND 9 resolver configured
with both stale-answer-enable yes; and stale-answer-client-timeout 0;,
a sequence of serve-stale-related lookups could cause named to loop and
terminate unexpectedly due to a stack overflow. This issue affects BIND 9
versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1
through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Notes

Author	Note
alexmurray	As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs
mdeslaur	per upstream, affects 9.16.33 -> 9.16.41 and 9.18.7 -> 9.18.15 doesn’t affect 9.11.x in bind9-libs or isc-dhcp

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchbind9< 1:9.16.1-0ubuntu2.15UNKNOWN
ubuntu22.04noarchbind9< 1:9.18.12-0ubuntu0.22.04.2UNKNOWN
ubuntu22.10noarchbind9< 1:9.18.12-0ubuntu0.22.10.2UNKNOWN
ubuntu23.04noarchbind9< 1:9.18.12-1ubuntu1.1UNKNOWN
ubuntu23.10noarchbind9< 1:9.18.12-1ubuntu2UNKNOWN
ubuntu24.04noarchbind9< 1:9.18.12-1ubuntu2UNKNOWN
ubuntu18.04noarchisc-dhcp< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	bind9	< 1:9.16.1-0ubuntu2.15	UNKNOWN
ubuntu	22.04	noarch	bind9	< 1:9.18.12-0ubuntu0.22.04.2	UNKNOWN
ubuntu	22.10	noarch	bind9	< 1:9.18.12-0ubuntu0.22.10.2	UNKNOWN
ubuntu	23.04	noarch	bind9	< 1:9.18.12-1ubuntu1.1	UNKNOWN
ubuntu	23.10	noarch	bind9	< 1:9.18.12-1ubuntu2	UNKNOWN
ubuntu	24.04	noarch	bind9	< 1:9.18.12-1ubuntu2	UNKNOWN
ubuntu	18.04	noarch	isc-dhcp	< any	UNKNOWN