Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-4408

Опубликовано: 13 фев. 2024
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netapp:ontap:9.14.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap:9.15.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Версия от 9.0.0 (включая) до 9.16.45 (включая)
cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Версия от 9.18.0 (включая) до 9.18.21 (включая)
cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
Версия от 9.19.0 (включая) до 9.19.19 (включая)
cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.12:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.16.43:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.18.0:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*
cpe:2.3:a:isc:bind:9.18.18:s1:*:*:supported_preview:*:*:*

EPSS

Процентиль: 45%
0.00224
Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-407

Связанные уязвимости

ubuntu логотип

CVE-2023-4408

CVSS3: 7.5
ubuntu
больше 1 года назад

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

redhat логотип

CVE-2023-4408

CVSS3: 7.5
redhat
больше 1 года назад

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

msrc логотип

CVE-2023-4408

CVSS3: 7.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-4408

CVSS3: 7.5
debian
больше 1 года назад

The DNS message parsing code in `named` includes a section whose compu ...

github логотип

GHSA-x57x-3c65-5f3j

CVSS3: 7.5
github
больше 1 года назад

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

EPSS

Процентиль: 45%
0.00224
Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-407