Name | CVE-2023-3341 |
Description | The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-3726-1, DSA-5504-1 |
Debian Bugs | 1052416 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
bind9 (PTS) | bullseye | 1:9.16.50-1~deb11u2 | fixed |
bullseye (security) | 1:9.16.50-1~deb11u1 | fixed | |
bookworm, bookworm (security) | 1:9.18.28-1~deb12u2 | fixed | |
sid, trixie | 1:9.20.3-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
bind9 | source | buster | 1:9.11.5.P4+dfsg-5.1+deb10u10 | DLA-3726-1 | ||
bind9 | source | bullseye | 1:9.16.44-1~deb11u1 | DSA-5504-1 | ||
bind9 | source | bookworm | 1:9.18.19-1~deb12u1 | DSA-5504-1 | ||
bind9 | source | (unstable) | 1:9.19.17-1 | 1052416 |
https://kb.isc.org/docs/cve-2023-3341
https://gitlab.isc.org/isc-projects/bind9/-/commit/432a49a7b089da6340e56d402034a586bc69f80e (v9.18.19)
https://gitlab.isc.org/isc-projects/bind9/-/commit/c4fac5ca98efd02fbaef43601627c7a3a09f5a71 (v9.16.44)