Vulnerabilities > CVE-2023-2911 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-06-21

Updated: 2023-07-03

Summary

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Vulnerable Configurations

Part	Description	Count
Application	Isc ISC Bind 9.18.11 ISC Bind 9.18.7 ISC Bind 9.18.8 ISC Bind 9.18.10 ISC Bind 9.16.36 ISC Bind 9.16.37	8
Application	Netapp Netapp Active IQ Unified Manager -	1
OS	Debian Debian Debian Linux 11.0 Debian Debian Linux 12.0	2
OS	Fedoraproject Fedoraproject Fedora 37 Fedoraproject Fedora 38	2
OS	Netapp Netapp H700S Firmware - Netapp H300S Firmware - Netapp H410C Firmware - Netapp H410S Firmware - Netapp H500S Firmware -	5
Hardware	Netapp Netapp H700S - Netapp H300S - Netapp H410C - Netapp H410S - Netapp H500S -	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Vulnerabilities > CVE-2023-2911 - Out-of-bounds Write vulnerability in multiple products

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References