{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-2829","assignerOrgId":"404fd4d2-a609-4245-b543-2c944a302a22","state":"PUBLISHED","assignerShortName":"isc","dateReserved":"2023-05-22T07:57:43.061Z","datePublished":"2023-06-21T16:26:24.932Z","dateUpdated":"2025-02-13T16:48:38.687Z"},"containers":{"cna":{"providerMetadata":{"orgId":"404fd4d2-a609-4245-b543-2c944a302a22","shortName":"isc","dateUpdated":"2023-07-03T15:06:24.821Z"},"title":"Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled","datePublic":"2023-06-21T00:00:00.000Z","affected":[{"vendor":"ISC","product":"BIND 9","versions":[{"version":"9.16.8-S1","lessThanOrEqual":"9.16.41-S1","status":"affected","versionType":"custom"},{"version":"9.18.11-S1","lessThanOrEqual":"9.18.15-S1","status":"affected","versionType":"custom"}],"defaultStatus":"unaffected"}],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH"}}],"descriptions":[{"lang":"en","value":"A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.\nThis issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1."}],"impacts":[{"descriptions":[{"lang":"en","value":"By sending specific queries to the resolver, an attacker can cause `named` to terminate unexpectedly.\n\nNote that the BIND configuration option `synth-from-dnssec` is enabled by default in all versions of BIND 9.18 and 9.18-S and newer. In earlier versions of BIND that had this option available, it was disabled unless activated explicitly in `named.conf`."}]}],"workarounds":[{"lang":"en","value":"Setting `synth-from-dnssec` to `no` prevents the problem."}],"exploits":[{"lang":"en","value":"We are not aware of any active exploits."}],"solutions":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.42-S1 or 9.18.16-S1."}],"credits":[{"lang":"en","value":"ISC would like to thank Greg Kuechle from SaskTel for bringing this vulnerability to our attention."}],"references":[{"url":"https://kb.isc.org/docs/cve-2023-2829","name":"CVE-2023-2829","tags":["vendor-advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230703-0010/"}],"source":{"discovery":"EXTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:33:05.969Z"},"title":"CVE Program Container","references":[{"url":"https://kb.isc.org/docs/cve-2023-2829","name":"CVE-2023-2829","tags":["vendor-advisory","x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20230703-0010/","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-06T18:34:26.527193Z","id":"CVE-2023-2829","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-06T18:34:46.254Z"}}]}}