Vulnerabilities > CVE-2023-4236 - Reachable Assertion vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-09-20

Updated: 2024-02-01

Summary

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.

Vulnerable Configurations

Part	Description	Count
Application	Isc ISC Bind 9.18.18 ISC Bind 9.18.0 ISC Bind 9.18.1 ISC Bind 9.18.2 ISC Bind 9.18.3 ISC Bind 9.18.4 ISC Bind 9.18.5 ISC Bind 9.18.6 ISC Bind 9.18.7 ISC Bind 9.18.8 ISC Bind 9.18.10 ISC Bind 9.18.11	13
OS	Fedoraproject Fedoraproject Fedora 37 Fedoraproject Fedora 38 Fedoraproject Fedora 39	3
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2
OS	Netapp Netapp H300S Firmware - Netapp H500S Firmware - Netapp H700S Firmware - Netapp H410S Firmware - Netapp H410C Firmware -	5
Hardware	Netapp Netapp H300S - Netapp H500S - Netapp H700S - Netapp H410S - Netapp H410C -	5

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References