Isc Bind vulnerabilities

CVE-2023-50387 [HIGH] CWE-770 CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow r Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an al

CVE-2023-50868 [HIGH] CWE-400 CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iter

CVE-2023-6516 [HIGH] CWE-770 CVE-2023-6516: To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the res

CVE-2023-5679 [HIGH] CWE-617 CVE-2023-5679: A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

CVE-2023-4408 [HIGH] CWE-407 CVE-2023-4408: The DNS message parsing code in `named` includes a section whose computational complexity is overly The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This i

CVE-2023-5517 [HIGH] CWE-617 CVE-2023-5517: A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect ;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.1

CVE-2023-5680 [MEDIUM] CVE-2023-5680: If a resolver cache has a very large number of ECS records stored for the same name, the process of If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

CVE-2023-4236 [HIGH] CWE-617 CVE-2023-4236: A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpecte A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.

CVE-2023-3341 [HIGH] CWE-787 CVE-2023-3341: The code that processes control channel messages sent to `named` calls certain functions recursively The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each i

CVE-2023-2828 [HIGH] CWE-770 CVE-2023-2828: Every `named` instance configured to run as a recursive resolver maintains a cache database holding Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available

CVE-2023-2911 [HIGH] CWE-787 CVE-2023-2911: If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer- If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15

CVE-2023-2829 [HIGH] CVE-2023-2829: A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive U A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

CVE-2022-3488 [HIGH] CWE-617 CVE-2022-3488: Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue af

CVE-2022-3736 [HIGH] CWE-20 CVE-2022-3736: BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-clien BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

CVE-2022-3924 [HIGH] CWE-617 CVE-2022-3924: This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the opt This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If the

CVE-2022-3094 [HIGH] CWE-416 CVE-2022-3094: Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update

CVE-2022-38178 [HIGH] CWE-401 CVE-2022-38178: By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker ca By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

CVE-2022-2881 [MEDIUM] CWE-125 CVE-2022-2881: The underlying bug might cause read past end of the buffer and either read memory it should not read The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

CVE-2022-2906 [HIGH] CWE-401 CVE-2022-2906: An attacker can leverage this flaw to gradually erode available memory to the point where named cras An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

CVE-2022-3080 [HIGH] CWE-613 CVE-2022-3080: By sending specific queries to the resolver, an attacker can cause named to crash. By sending specific queries to the resolver, an attacker can cause named to crash.