CVE-2023-6516

CWE-770Allocation without LimitsCWE-789CWE-400Uncontrolled Resource Consumption9 documents8 sources
Severity
7.5HIGH
EPSS
0.2%
top 60.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ISC Bind 9ISC Bind
Timeline
PublishedFeb 13
Latest updateFeb 19

Description

To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

Alpinebind< 9.16.48-r0+7
Debianbind9< 1:9.16.48-1+3
NVDisc/bind9.16.09.16.45+10
CVEListV5isc/bind_99.16.09.16.45+1

🔴Vulnerability Details

4
OSV
CVE-2023-6516: To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database2024-02-13
GHSA
GHSA-8mxm-4gjm-vrc7: To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database2024-02-13
OSV
CVE-2023-6516: To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database2024-02-13
CVEList
Specific recursive query patterns may lead to an out-of-memory condition2024-02-13

📋Vendor Advisories

4
Ubuntu
Bind vulnerabilities2024-02-19
Red Hat
bind9: Specific recursive query patterns may lead to an out-of-memory condition2024-02-13
Microsoft
Specific recursive query patterns may lead to an out-of-memory condition2024-02-13
Debian
CVE-2023-6516: bind9 - To keep its cache database efficient, `named` running as a recursive resolver oc...2023