CVE-2023-2911

NameCVE-2023-2911
DescriptionIf the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5439-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)jessie, jessie (lts)1:9.9.5.dfsg-9+deb8u31fixed
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u12fixed
stretch (lts), stretch1:9.10.3.dfsg.P4-12.3+deb9u16fixed
buster, buster (lts)1:9.11.5.P4+dfsg-5.1+deb10u13fixed
buster (security)1:9.11.5.P4+dfsg-5.1+deb10u11fixed
bullseye1:9.16.50-1~deb11u2fixed
bullseye (security)1:9.16.50-1~deb11u1fixed
bookworm (security), bookworm1:9.18.28-1~deb12u2fixed
sid, trixie1:9.20.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcejessie(not affected)
bind9sourcestretch(not affected)
bind9sourcebuster(not affected)
bind9sourcebullseye1:9.16.42-1~deb11u1DSA-5439-1
bind9sourcebookworm1:9.18.16-1~deb12u1DSA-5439-1
bind9source(unstable)1:9.18.16-1

Notes

[buster] - bind9 <not-affected> (Vulnerable code not present; libns added in 9.19.14)
https://kb.isc.org/docs/cve-2023-2911
https://downloads.isc.org/isc/bind9/9.18.16/patches/0003-CVE-2023-2911.patch
https://downloads.isc.org/isc/bind9/9.16.42/patches/0003-CVE-2023-2911.patch
[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
[jessie] - bind9 <not-affected> (Vulnerable code introduced later)

Search for package or bug name: Reporting problems