CVE-2023-3341

NameCVE-2023-3341
DescriptionThe code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3726-1, DSA-5504-1
Debian Bugs1052416

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)buster1:9.11.5.P4+dfsg-5.1+deb10u7vulnerable
buster (security)1:9.11.5.P4+dfsg-5.1+deb10u10fixed
bullseye1:9.16.44-1~deb11u1fixed
bullseye (security)1:9.16.48-1fixed
bookworm1:9.18.19-1~deb12u1fixed
bookworm (security)1:9.18.24-1fixed
trixie, sid1:9.19.21-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcebuster1:9.11.5.P4+dfsg-5.1+deb10u10DLA-3726-1
bind9sourcebullseye1:9.16.44-1~deb11u1DSA-5504-1
bind9sourcebookworm1:9.18.19-1~deb12u1DSA-5504-1
bind9source(unstable)1:9.19.17-11052416

Notes

https://kb.isc.org/docs/cve-2023-3341
https://gitlab.isc.org/isc-projects/bind9/-/commit/432a49a7b089da6340e56d402034a586bc69f80e (v9.18.19)
https://gitlab.isc.org/isc-projects/bind9/-/commit/c4fac5ca98efd02fbaef43601627c7a3a09f5a71 (v9.16.44)
Search for package or bug name: Reporting problems