Large ECS Record Cache Impairs Query Performance
CVE-2023-5680
5.3MEDIUM
Summary
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Affected Version(s)
BIND 9 9.11.3-S1 <= 9.11.37-S1
BIND 9 9.16.8-S1 <= 9.16.45-S1
BIND 9 9.18.11-S1 <= 9.18.21-S1
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
ISC would like to thank Yann Kerherve and Ask Bjørn Hansen for bringing this vulnerability to our attention.