7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
51.9%
The code that processes control channel messages sent to named
calls
certain functions recursively during packet parsing. Recursion depth is
only limited by the maximum accepted packet size; depending on the
environment, this may cause the packet-parsing code to run out of available
stack memory, causing named
to terminate unexpectedly. Since each
incoming control channel message is fully parsed before its contents are
authenticated, exploiting this flaw does not require the attacker to hold a
valid RNDC key; only network access to the control channel’s configured TCP
port is necessary. This issue affects BIND 9 versions 9.2.0 through
9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through
9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
Author | Note |
---|---|
alexmurray | As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs |
mdeslaur | I don’t believe this issue applies to the bind9 libs in isc-dhcp, marking as not-affected |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | bind9 | < 1:9.11.3+dfsg-1ubuntu1.19+esm2 | UNKNOWN |
ubuntu | 20.04 | noarch | bind9 | < 1:9.16.1-0ubuntu2.16 | UNKNOWN |
ubuntu | 22.04 | noarch | bind9 | < 1:9.18.12-0ubuntu0.22.04.3 | UNKNOWN |
ubuntu | 23.04 | noarch | bind9 | < 1:9.18.12-1ubuntu1.2 | UNKNOWN |
ubuntu | 23.10 | noarch | bind9 | < 1:9.18.18-0ubuntu2 | UNKNOWN |
ubuntu | 24.04 | noarch | bind9 | < 1:9.18.18-0ubuntu2 | UNKNOWN |
ubuntu | 14.04 | noarch | bind9 | < 1:9.9.5.dfsg-3ubuntu0.19+esm11 | UNKNOWN |
ubuntu | 16.04 | noarch | bind9 | < 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7 | UNKNOWN |
ubuntu | 18.04 | noarch | isc-dhcp | < any | UNKNOWN |