vulnerability

Huawei EulerOS: CVE-2023-3341: bind security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	09/20/2023	03/13/2024	01/30/2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

09/20/2023

Added

03/13/2024

Modified

01/30/2025

Description

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

Solution(s)

huawei-euleros-2_0_sp8-upgrade-bindhuawei-euleros-2_0_sp8-upgrade-bind-chroothuawei-euleros-2_0_sp8-upgrade-bind-export-develhuawei-euleros-2_0_sp8-upgrade-bind-export-libshuawei-euleros-2_0_sp8-upgrade-bind-libshuawei-euleros-2_0_sp8-upgrade-bind-libs-litehuawei-euleros-2_0_sp8-upgrade-bind-licensehuawei-euleros-2_0_sp8-upgrade-bind-pkcs11huawei-euleros-2_0_sp8-upgrade-bind-pkcs11-libshuawei-euleros-2_0_sp8-upgrade-bind-pkcs11-utilshuawei-euleros-2_0_sp8-upgrade-bind-utilshuawei-euleros-2_0_sp8-upgrade-python3-bind

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today