Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled

CVE-2023-2829

7.5HIGH

Key Information

Vendor: ISC
Status: BIND 9
Vendor: CVE Published:; 21 June 2023

Summary

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

Affected Version(s)

BIND 9 <= 9.16.41-S1

BIND 9 <= 9.18.15-S1

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 21, 2023
Vulnerability Reserved.
May 22, 2023

Collectors

NVD DatabaseMitre Database

Credit

ISC would like to thank Greg Kuechle from SaskTel for bringing this vulnerability to our attention.