vulnerability

SUSE: CVE-2023-3341: SUSE Linux Security Advisory

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2023-09-20
Added
2023-09-25
Modified
2025-01-28

Description

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

Solution(s)

suse-upgrade-bindsuse-upgrade-bind-chrootenvsuse-upgrade-bind-develsuse-upgrade-bind-devel-32bitsuse-upgrade-bind-docsuse-upgrade-bind-utilssuse-upgrade-libbind9-1600suse-upgrade-libbind9-1600-32bitsuse-upgrade-libbind9-161suse-upgrade-libdns1110suse-upgrade-libdns1605suse-upgrade-libdns1605-32bitsuse-upgrade-libirs-develsuse-upgrade-libirs1601suse-upgrade-libirs1601-32bitsuse-upgrade-libirs161suse-upgrade-libisc1107suse-upgrade-libisc1107-32bitsuse-upgrade-libisc1606suse-upgrade-libisc1606-32bitsuse-upgrade-libisccc1600suse-upgrade-libisccc1600-32bitsuse-upgrade-libisccc161suse-upgrade-libisccfg1600suse-upgrade-libisccfg1600-32bitsuse-upgrade-libisccfg163suse-upgrade-liblwres161suse-upgrade-libns1604suse-upgrade-libns1604-32bitsuse-upgrade-python-bindsuse-upgrade-python3-bind

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today