BIND named Crashes with DNS64 and Serve-Stale Interaction
CVE-2023-5679
7.5HIGH
Summary
A bad interaction between DNS64 and serve-stale may cause named
to crash with an assertion failure during recursive resolution, when both of these features are enabled.
This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Affected Version(s)
BIND 9 9.16.12 <= 9.16.45
BIND 9 9.18.0 <= 9.18.21
BIND 9 9.19.0 <= 9.19.19
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database