{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-2911","assignerOrgId":"404fd4d2-a609-4245-b543-2c944a302a22","state":"PUBLISHED","assignerShortName":"isc","dateReserved":"2023-05-26T11:20:45.872Z","datePublished":"2023-06-21T16:26:36.587Z","dateUpdated":"2025-02-13T16:49:00.351Z"},"containers":{"cna":{"providerMetadata":{"orgId":"404fd4d2-a609-4245-b543-2c944a302a22","shortName":"isc","dateUpdated":"2023-07-03T15:06:21.382Z"},"title":"Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0","datePublic":"2023-06-21T00:00:00.000Z","affected":[{"vendor":"ISC","product":"BIND 9","versions":[{"version":"9.16.33","lessThanOrEqual":"9.16.41","status":"affected","versionType":"custom"},{"version":"9.18.7","lessThanOrEqual":"9.18.15","status":"affected","versionType":"custom"},{"version":"9.16.33-S1","lessThanOrEqual":"9.16.41-S1","status":"affected","versionType":"custom"},{"version":"9.18.11-S1","lessThanOrEqual":"9.18.15-S1","status":"affected","versionType":"custom"}],"defaultStatus":"unaffected"}],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH"}}],"descriptions":[{"lang":"en","value":"If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.\nThis issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1."}],"impacts":[{"descriptions":[{"lang":"en","value":"By sending specific queries to the resolver, an attacker can cause `named` to terminate unexpectedly."}]}],"workarounds":[{"lang":"en","value":"Setting `stale-answer-client-timeout` to `off` or to a non-zero value prevents the issue.\n\nUsers of versions 9.18.10, 9.16.36, 9.16.36-S1 or older who are unable to upgrade should set `stale-answer-client-timeout` to `off`; using a non-zero value with these older versions leaves `named` vulnerable to CVE-2022-3924.\n\nAlthough it is possible to set the `recursive-clients` limit to a high number to reduce the likelihood of this scenario, this is not recommended; the limit on `recursive-clients` is important for preventing exhaustion of server resources. The limit cannot be disabled entirely."}],"exploits":[{"lang":"en","value":"This flaw was discovered in internal testing. We are not aware of any active exploits."}],"solutions":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.42, 9.18.16, 9.16.42-S1, or 9.18.16-S1."}],"references":[{"url":"https://kb.isc.org/docs/cve-2023-2911","name":"CVE-2023-2911","tags":["vendor-advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/06/21/6"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/"},{"url":"https://www.debian.org/security/2023/dsa-5439"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/"},{"url":"https://security.netapp.com/advisory/ntap-20230703-0010/"}],"source":{"discovery":"INTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:41:03.760Z"},"title":"CVE Program Container","references":[{"url":"https://kb.isc.org/docs/cve-2023-2911","name":"CVE-2023-2911","tags":["vendor-advisory","x_transferred"]},{"url":"http://www.openwall.com/lists/oss-security/2023/06/21/6","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/","tags":["x_transferred"]},{"url":"https://www.debian.org/security/2023/dsa-5439","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20230703-0010/","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-06T18:32:18.833805Z","id":"CVE-2023-2911","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-06T18:32:26.092Z"}}]}}