CVE-2023-2829

Опубликовано: 21 июн. 2023

Источник: redhat

CVSS3: 7.5

Описание

A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

A vulnerability was found in BIND. This security flaw occurs when a named instance is configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled; remote termination can occur using a zone with a malformed NSEC record.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	bind	Not affected
Red Hat Enterprise Linux 7	bind	Not affected
Red Hat Enterprise Linux 8	bind	Not affected
Red Hat Enterprise Linux 8	bind9.16	Not affected
Red Hat Enterprise Linux 9	bind	Not affected
Red Hat Enterprise Linux 9	dhcp	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=2216581bind: DNSSEC-Validated cache can be remotely terminated with malformed NSEC record

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-2829

CVSS3: 7.5

ubuntu

больше 2 лет назад

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.