If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.
This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/06/21/6 | Mailing List Patch Third Party Advisory |
https://kb.isc.org/docs/cve-2023-2911 | Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/ | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230703-0010/ | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5439 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: isc
Published: 2023-06-21T16:26:36.587Z
Updated: 2023-06-21T16:26:36.587Z
Reserved: 2023-05-26T11:20:45.872Z
Link: CVE-2023-2911
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-21T17:15:47.827
Modified: 2023-07-03T19:09:45.463
Link: CVE-2023-2911
JSON object: View
Redhat Information
No data.
CWE