A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.
This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.
References
Link | Resource |
---|---|
https://kb.isc.org/docs/cve-2023-2829 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20230703-0010/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: isc
Published: 2023-06-21T16:26:24.932Z
Updated: 2023-06-21T16:26:24.932Z
Reserved: 2023-05-22T07:57:43.061Z
Link: CVE-2023-2829
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-21T17:15:47.770
Modified: 2023-07-03T19:11:00.110
Link: CVE-2023-2829
JSON object: View
Redhat Information
No data.
CWE