fkie_cve-2023-5517
Vulnerability from fkie_nvd
Published
2024-02-13 14:15
Modified
2024-11-21 08:41
Severity ?
Summary
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:
- `nxdomain-redirect <domain>;` is configured, and
- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.
This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netapp | active_iq_unified_manager | - | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| isc | bind | * | |
| isc | bind | * | |
| isc | bind | * | |
| isc | bind | 9.16.8 | |
| isc | bind | 9.16.11 | |
| isc | bind | 9.16.12 | |
| isc | bind | 9.16.13 | |
| isc | bind | 9.16.14 | |
| isc | bind | 9.16.21 | |
| isc | bind | 9.16.32 | |
| isc | bind | 9.16.36 | |
| isc | bind | 9.16.43 | |
| isc | bind | 9.16.45 | |
| isc | bind | 9.18.11 | |
| isc | bind | 9.18.18 | |
| isc | bind | 9.18.21 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", matchCriteriaId: "D4DCB2AB-E5FC-419F-B928-293EA038E376", versionEndIncluding: "9.16.45", versionStartIncluding: "9.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", matchCriteriaId: "A1F6FD2C-94DA-4D48-BC8F-D1B118BC9629", versionEndIncluding: "9.18.21", versionStartIncluding: "9.18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", matchCriteriaId: "6D929353-790C-47DA-BB73-D94D403FA14D", versionEndIncluding: "9.19.19", versionStartIncluding: "9.19.0", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "288EAD80-574B-4839-9C2C-81D6D088A733", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "3595F024-F910-4356-8B5B-D478960FF574", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.12:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "1B20F152-D0C3-4F07-83B3-5EA6B116F005", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "94661BA2-27F8-4FFE-B844-9404F735579D", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "53593603-E2AF-4925-A6E6-109F097A0FF2", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "751E37C2-8BFD-4306-95C1-8C01CE495FA4", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "CC432820-F1A2-4132-A673-2620119553C5", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "F70347F2-6750-4497-B8F4-2036F4F4443A", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.43:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "A4B53B73-DB81-4AC1-A4E6-89BB305D6514", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.16.45:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "EC7357C9-AD62-4B7E-B013-780108BA562E", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "16A7E0D1-35A1-4899-9FF2-14279C137C14", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.18.18:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "0233AEF2-9911-48AE-AE97-F217E3337AAF", vulnerable: true, }, { criteria: "cpe:2.3:a:isc:bind:9.18.21:s1:*:*:supported_preview:*:*:*", matchCriteriaId: "DFE3AE03-DBB5-4891-8EF2-BF30AA6F66FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n - `nxdomain-redirect <domain>;` is configured, and\n - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.", }, { lang: "es", value: "Una falla en el código de manejo de consultas puede causar que `named` se cierre prematuramente con un error de aserción cuando: - `nxdomain-redirect ;` está configurado, y - el solucionador recibe una consulta PTR para una dirección RFC 1918 que normalmente dar como resultado una respuesta NXDOMAIN autorizada. Este problema afecta a las versiones de BIND 9, 9.12.0 a 9.16.45, 9.18.0 a 9.18.21, 9.19.0 a 9.19.19, 9.16.8-S1 a 9.16.45-S1 y 9.18.11-S1 a 9.18. .21-S1.", }, ], id: "CVE-2023-5517", lastModified: "2024-11-21T08:41:55.487", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-officer@isc.org", type: "Primary", }, ], }, published: "2024-02-13T14:15:45.510", references: [ { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/02/13/1", }, { source: "security-officer@isc.org", tags: [ "Vendor Advisory", ], url: "https://kb.isc.org/docs/cve-2023-5517", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", }, { source: "security-officer@isc.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", }, { source: "security-officer@isc.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240503-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/02/13/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.isc.org/docs/cve-2023-5517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240503-0006/", }, ], sourceIdentifier: "security-officer@isc.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-617", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-617", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.