Vulnerability CVE-2023-2911: Information

Description

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-2911

Published: June 21, 2023

Modified: July 3, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
bind	sisyphus	9.16.42-alt1	9.18.27-alt1	ALT-PU-2023-2044-1	323428	Fixed
bind	sisyphus_e2k	9.16.42-alt1	9.18.27-alt1	ALT-PU-2023-3961-1	-	Fixed
bind	sisyphus_riscv64	9.16.42-alt1	9.18.27-alt1	ALT-PU-2023-4000-1	-	Fixed
bind	p10	9.16.42-alt1	9.16.48-alt1	ALT-PU-2023-2102-1	323491	Fixed
bind	p10_e2k	9.16.42-alt1	9.16.48-alt1	ALT-PU-2023-4058-1	-	Fixed
bind	c10f1	9.16.44-alt0.c10.1	9.16.48-alt0.c10f2.1	ALT-PU-2024-1988-2	340105	Fixed
bind	p11	9.16.42-alt1	9.18.27-alt1	ALT-PU-2023-2044-1	323428	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://kb.isc.org/docs/cve-2023-2911	Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/06/21/6	Mailing List Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/	Mailing List Third Party Advisory
https://www.debian.org/security/2023/dsa-5439	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20230703-0010/	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*
  Start including
  9.18.11
  End including
  9.18.15
  cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
  Start including
  9.18.7
  End including
  9.18.15
  cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*
  Start including
  9.16.33
  End including
  9.16.41
  cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
  Start including
  9.16.33
  End including
  9.16.41
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
  
  Configuration 5
  cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  
  Configuration 6
  cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
  
  Configuration 8
  cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
  
  Configuration 9
  cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Version: v24.5.2

Vulnerability CVE-2023-2911: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9