vulnerability

CentOS Linux: CVE-2023-3341: Important: bind security update (CESA-2023:5691)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	2023-09-20	2023-10-06	2025-01-28

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

2023-09-20

Added

2023-10-06

Modified

2025-01-28

Description

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

Solution(s)

centos-upgrade-bindcentos-upgrade-bind-chrootcentos-upgrade-bind-debuginfocentos-upgrade-bind-develcentos-upgrade-bind-export-develcentos-upgrade-bind-export-libscentos-upgrade-bind-libscentos-upgrade-bind-libs-litecentos-upgrade-bind-licensecentos-upgrade-bind-lite-develcentos-upgrade-bind-pkcs11centos-upgrade-bind-pkcs11-develcentos-upgrade-bind-pkcs11-libscentos-upgrade-bind-pkcs11-utilscentos-upgrade-bind-sdbcentos-upgrade-bind-sdb-chrootcentos-upgrade-bind-utils

References

NVD-CVE-2023-3341

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today