CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

AI Score confidence: High
EPSS percentile: 49.4%

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

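A heuristic exposure check for the condition described above, as an added example that is not part of the original advisory: it compares an upstream version string with the listed ranges and looks for the two serve-stale settings in `named.conf` text. The function names and the sample configuration are constructed for illustration; `include` files and per-view scoping are not followed.

```python
import re

# Affected upstream ranges exactly as listed in the advisory text above.
AFFECTED = {
    False: [((9, 16, 33), (9, 16, 41)), ((9, 18, 7), (9, 18, 15))],   # plain versions
    True:  [((9, 16, 33), (9, 16, 41)), ((9, 18, 11), (9, 18, 15))],  # -S1 versions
}

def version_affected(version):
    """True if an upstream BIND 9 version string falls in an affected range.
    Distribution packages backport fixes; check those against the package table."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(x) for x in m.group(1, 2, 3))
    return any(lo <= v <= hi for lo, hi in AFFECTED[m.group(4) is not None])

def strip_comments(conf):
    """Remove /* */, // and # comments (naive: does not honour quoted strings)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def risky_settings(conf):
    """True if both serve-stale settings named in the advisory are set explicitly."""
    text = strip_comments(conf)
    enable = re.findall(r"\bstale-answer-enable\s+(\w+)\s*;", text)
    timeout = re.findall(r"\bstale-answer-client-timeout\s+(\w+)\s*;", text)
    return (any(v.lower() in ("yes", "true", "1") for v in enable)
            and any(v == "0" for v in timeout))

def exposed(version, conf):
    """Both conditions from the advisory: affected version and risky settings."""
    return version_affected(version) and risky_settings(conf)

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """
options {
    recursion yes;
    recursive-clients 1000;          // the quota mentioned in the advisory
    stale-answer-enable yes;
    # stale-answer-client-timeout 1800;
    stale-answer-client-timeout 0;
};
"""

if __name__ == "__main__":
    print("exposed:", exposed("9.18.12", SAMPLE_CONF))
```
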
Author | Note |
---|---|
alexmurray | As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs |
mdeslaur | per upstream, affects 9.16.33 -> 9.16.41 and 9.18.7 -> 9.18.15; doesn’t affect 9.11.x in bind9-libs or isc-dhcp |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | bind9 | < 1:9.16.1-0ubuntu2.15 | UNKNOWN |
ubuntu | 22.04 | noarch | bind9 | < 1:9.18.12-0ubuntu0.22.04.2 | UNKNOWN |
ubuntu | 22.10 | noarch | bind9 | < 1:9.18.12-0ubuntu0.22.10.2 | UNKNOWN |
ubuntu | 23.04 | noarch | bind9 | < 1:9.18.12-1ubuntu1.1 | UNKNOWN |
ubuntu | 23.10 | noarch | bind9 | < 1:9.18.12-1ubuntu2 | UNKNOWN |
ubuntu | 24.04 | noarch | bind9 | < 1:9.18.12-1ubuntu2 | UNKNOWN |
ubuntu | 18.04 | noarch | isc-dhcp | < any | UNKNOWN |