Premature Exit and Assertion Failure in BIND 9 Due to Query-Handling Code Flaw
CVE-2023-5517

7.5HIGH

Key Information:

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 13 February 2024

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the query-handling code of BIND 9 DNS servers, leading to a potential premature exit due to an assertion failure. This occurs when the server is configured with nxdomain-redirect <domain>;, in conjunction with receiving a PTR query for an RFC 1918 address, typically resulting in an authoritative NXDOMAIN response. The flaw affects several versions of BIND 9, indicating a risk that could impact DNS resolution across various network environments, necessitating timely updates and mitigations by system administrators.

Affected Version(s)

BIND 9 9.12.0 <= 9.16.45

BIND 9 9.18.0 <= 9.18.21

BIND 9 9.19.0 <= 9.19.19

References

https://kb.isc.org/docs/cve-2023-5517

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/02/13/1

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 22, 2024
Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Oct 11, 2023