Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0

CVE-2023-2911

7.5HIGH

Key Information

Vendor: ISC
Status: BIND 9
Vendor: CVE Published:; 21 June 2023

Summary

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Affected Version(s)

BIND 9 <= 9.16.41

BIND 9 <= 9.18.15

BIND 9 <= 9.16.41-S1

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 21, 2023
Vulnerability Reserved.
May 26, 2023

Collectors

NVD DatabaseMitre Database