Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled

CVE-2023-2829

7.5HIGH

Key Information

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 21 June 2023

Badges

👾 Exploit Exists

Summary

A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

Affected Version(s)

BIND 9 9.16.8-S1 <= 9.16.41-S1

BIND 9 9.18.11-S1 <= 9.18.15-S1

References

https://kb.isc.org/docs/cve-2023-2829

vendor-advisory

https://security.netapp.com/advisory/ntap-20230703-0010/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Dec 6, 2024
Vulnerability published
Jun 21, 2023
Vulnerability Reserved
May 22, 2023

Collectors

NVD DatabaseMitre Database

Credit

ISC would like to thank Greg Kuechle from SaskTel for bringing this vulnerability to our attention.