vulnerability

Red Hat: CVE-2023-3341: stack exhaustion in control channel code may lead to DoS (Multiple Advisories)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2023-09-20
Added
2023-10-06
Modified
2025-01-30

Description

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

Solution(s)

redhat-upgrade-bindredhat-upgrade-bind-chrootredhat-upgrade-bind-debuginforedhat-upgrade-bind-debugsourceredhat-upgrade-bind-develredhat-upgrade-bind-dnssec-docredhat-upgrade-bind-dnssec-utilsredhat-upgrade-bind-dnssec-utils-debuginforedhat-upgrade-bind-docredhat-upgrade-bind-export-develredhat-upgrade-bind-export-libsredhat-upgrade-bind-export-libs-debuginforedhat-upgrade-bind-libsredhat-upgrade-bind-libs-debuginforedhat-upgrade-bind-libs-literedhat-upgrade-bind-libs-lite-debuginforedhat-upgrade-bind-licenseredhat-upgrade-bind-lite-develredhat-upgrade-bind-pkcs11redhat-upgrade-bind-pkcs11-debuginforedhat-upgrade-bind-pkcs11-develredhat-upgrade-bind-pkcs11-libsredhat-upgrade-bind-pkcs11-libs-debuginforedhat-upgrade-bind-pkcs11-utilsredhat-upgrade-bind-pkcs11-utils-debuginforedhat-upgrade-bind-sdbredhat-upgrade-bind-sdb-chrootredhat-upgrade-bind-sdb-debuginforedhat-upgrade-bind-utilsredhat-upgrade-bind-utils-debuginforedhat-upgrade-bind9-16redhat-upgrade-bind9-16-chrootredhat-upgrade-bind9-16-debuginforedhat-upgrade-bind9-16-debugsourceredhat-upgrade-bind9-16-develredhat-upgrade-bind9-16-dnssec-utilsredhat-upgrade-bind9-16-dnssec-utils-debuginforedhat-upgrade-bind9-16-docredhat-upgrade-bind9-16-libsredhat-upgrade-bind9-16-libs-debuginforedhat-upgrade-bind9-16-licenseredhat-upgrade-bind9-16-utilsredhat-upgrade-bind9-16-utils-debuginforedhat-upgrade-python3-bindredhat-upgrade-python3-bind9-16

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today