High CPU Load in DNS Message Parsing Code Affects BIND 9 Versions
CVE-2023-4408

7.5HIGH

Key Information:

Vendor

Isc
Status
Bind 9
Vendor
CVE Published:
13 February 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2023-4408?

The DNS message parsing code in the BIND 9 implementation has a section with overly high computational complexity, which is not problematic under standard DNS traffic but can result in excessive CPU load. This vulnerability can be exploited through specially crafted DNS queries and responses, affecting both authoritative servers and recursive resolvers. Users of BIND 9 who run versions from 9.0.0 to 9.16.45, 9.18.0 to 9.18.21, 9.19.0 to 9.19.19, and various S1 versions, should take precautions to mitigate potential impact.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIND 9 9.0.0 <= 9.16.45

BIND 9 9.18.0 <= 9.18.21

BIND 9 9.19.0 <= 9.19.19

References

https://kb.isc.org/docs/cve-2023-4408
vendor-advisory
http://www.openwall.com/lists/oss-security/2024/02/13/1
https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention.
JSON
.