CVE-2023-2911

NameCVE-2023-2911
DescriptionIf the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5439-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)bullseye (security), bullseye1:9.16.48-1fixed
bookworm, bookworm (security)1:9.18.24-1fixed
sid, trixie1:9.19.24-185-g392e7199df2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcebuster(not affected)
bind9sourcebullseye1:9.16.42-1~deb11u1DSA-5439-1
bind9sourcebookworm1:9.18.16-1~deb12u1DSA-5439-1
bind9source(unstable)1:9.18.16-1

Notes

[buster] - bind9 <not-affected> (Vulnerable code not present; libns added in 9.19.14)
https://kb.isc.org/docs/cve-2023-2911
https://downloads.isc.org/isc/bind9/9.18.16/patches/0003-CVE-2023-2911.patch
https://downloads.isc.org/isc/bind9/9.16.42/patches/0003-CVE-2023-2911.patch

Search for package or bug name: Reporting problems