Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2023-2828

Published: 21 June 2023

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Notes

AuthorNote
alexmurray
As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
bind9
Launchpad, Ubuntu, Debian
bionic
Released (1:9.11.3+dfsg-1ubuntu1.19+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
trusty
Released (1:9.9.5.dfsg-3ubuntu0.19+esm10)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
xenial
Released (1:9.10.3.dfsg.P4-8ubuntu1.19+esm6)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
focal
Released (1:9.16.1-0ubuntu2.15)
jammy
Released (1:9.18.12-0ubuntu0.22.04.2)
kinetic
Released (1:9.18.12-0ubuntu0.22.10.2)
lunar
Released (1:9.18.12-1ubuntu1.1)
upstream
Released (9.16.42,9.18.16,9.19.14)
Patches:
upstream: https://downloads.isc.org/isc/bind9/9.16.42/patches/0001-CVE-2023-2828.patch
upstream: https://downloads.isc.org/isc/bind9/9.18.16/patches/0001-CVE-2023-2828.patch
isc-dhcp
Launchpad, Ubuntu, Debian
trusty Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
bionic Needs triage

focal Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
kinetic Ignored
(end of life, was needs-triage)
lunar Needs triage

upstream Needs triage

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H