gsd-2023-5679
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.
This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Aliases
Aliases
{ GSD: { alias: "CVE-2023-5679", id: "GSD-2023-5679", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-5679", ], details: "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.", id: "GSD-2023-5679", modified: "2023-12-13T01:20:51.122130Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-officer@isc.org", ID: "CVE-2023-5679", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BIND 9", version: { version_data: [ { version_affected: "<=", version_name: "9.16.12", version_value: "9.16.45", }, { version_affected: "<=", version_name: "9.18.0", version_value: "9.18.21", }, { version_affected: "<=", version_name: "9.19.0", version_value: "9.19.19", }, { version_affected: "<=", version_name: "9.16.12-S1", version_value: "9.16.45-S1", }, { version_affected: "<=", version_name: "9.18.11-S1", version_value: "9.18.21-S1", }, ], }, }, ], }, vendor_name: "ISC", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.", }, ], }, exploit: [ { lang: "en", value: "We are not aware of any active exploits.", }, ], impact: { cvss: [ { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.isc.org/docs/cve-2023-5679", refsource: "MISC", url: "https://kb.isc.org/docs/cve-2023-5679", }, { name: "http://www.openwall.com/lists/oss-security/2024/02/13/1", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2024/02/13/1", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", }, { name: "https://security.netapp.com/advisory/ntap-20240426-0002/", refsource: "MISC", url: "https://security.netapp.com/advisory/ntap-20240426-0002/", }, ], }, solution: [ { lang: "en", value: "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1.", }, ], source: { discovery: "EXTERNAL", }, work_around: [ { lang: "en", value: "Disabling serve-stale (with `stale-cache-enable no;` and `stale-answer-enable no;`) and/or disabling `dns64` makes the faulty code path impossible to reach, preventing this flaw from being exploitable.", }, ], }, "nvd.nist.gov": { cve: { descriptions: [ { lang: "en", value: "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.", }, { lang: "es", value: "Una mala interacción entre DNS64 y el servidor obsoleto puede causar que \"named\" falle con una falla de aserción durante la resolución recursiva, cuando ambas funciones están habilitadas. Este problema afecta a las versiones de BIND 9, 9.16.12 a 9.16.45, 9.18.0 a 9.18.21, 9.19.0 a 9.19.19, 9.16.12-S1 a 9.16.45-S1 y 9.18.11-S1 a 9.18. .21-S1.", }, ], id: "CVE-2023-5679", lastModified: "2024-04-26T09:15:08.843", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-officer@isc.org", type: "Primary", }, ], }, published: "2024-02-13T14:15:45.677", references: [ { source: "security-officer@isc.org", url: "http://www.openwall.com/lists/oss-security/2024/02/13/1", }, { source: "security-officer@isc.org", url: "https://kb.isc.org/docs/cve-2023-5679", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", }, { source: "security-officer@isc.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", }, { source: "security-officer@isc.org", url: "https://security.netapp.com/advisory/ntap-20240426-0002/", }, ], sourceIdentifier: "security-officer@isc.org", vulnStatus: "Awaiting Analysis", }, }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.