CVE-2023-2829
published 2023-06-21CVE-2023-2829: A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.
This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | bind9 | — | — |
| isc | bind | 9.16.8 – 9.16.41 | — |
| isc | bind | 9.18.11 – 9.18.15 | — |
| isc | bind_9 | 9.16.8-S1 – 9.16.41-S1 | — |
| isc | bind_9 | 9.18.11-S1 – 9.18.15-S1 | — |
| msrc | cbl2_bind_9.16.44-1_on_cbl_mariner_2.0 | — | — |