Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2023-2828

Published: 21/06/2023 Updated: 21/07/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Isc

Vulnerability Summary

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 up to and including 9.16.41, 9.18.0 up to and including 9.18.15, 9.19.0 up to and including 9.19.13, 9.11.3-S1 up to and including 9.16.41-S1, and 9.18.11-S1 up to and including 9.18.15-S1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

isc bind

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

fedoraproject fedora 37

fedoraproject fedora 38

netapp active iq unified manager -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

netapp h300s_firmware -

Vendor Advisories

Debian Security Advisories: DSA-5439-1 bind9 -- security update
Several vulnerabilities were discovered in BIND, a DNS server implementation CVE-2023-2828 Shoham Danino, Anat Bremler-Barr, Yehuda Afek and Yuval Shavitt discovered that a flaw in the cache-cleaning algorithm used in named can cause that named's configured cache size limit can be significantly exceeded, potentially resulting in d ...
Amazon Linux 2: ALAS2-2023-2112
A vulnerability was found in BIND The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly (CVE-2023-2828) ...
Amazon Linux AMI: ALAS-2023-1789
A vulnerability was found in BIND The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly (CVE-2023-2828) ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...
Red Hat: Moderate: OpenShift Container Platform 4.13.6 security and extras update
Synopsis Moderate: OpenShift Container Platform 4136 security and extras update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4136 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 413R ...
Red Hat: Important: bind security and bug fix update
Synopsis Important: bind security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security ha ...
Red Hat: Important: bind9.16 security update
Synopsis Important: bind916 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind916 is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having ...
Red Hat: Important: Red Hat OpenShift Service Mesh Containers for 2.4.2 security update
Synopsis Important: Red Hat OpenShift Service Mesh Containers for 242 security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Service Mesh 242 ContainersRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Red Hat: Important: Red Hat OpenShift Service Mesh Containers for 2.3.6 security update
Synopsis Important: Red Hat OpenShift Service Mesh Containers for 236 security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Service Mesh 236 ContainersRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Red Hat: Important: bind security update
Synopsis Important: bind security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Moderate: OpenShift Container Platform 4.13.6 bug fix and security update
Synopsis Moderate: OpenShift Container Platform 4136 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4136 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Con ...
Red Hat: Critical: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes
Synopsis Critical: Multicluster Engine for Kubernetes 227 security updates and bug fixes Type/Severity Security Advisory: Critical Topic Multicluster Engine for Kubernetes 227 General Availability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having a security impactof Critic ...
Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update
Synopsis Moderate: Migration Toolkit for Containers (MTC) 1712 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 1712 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: bind security update
Synopsis Important: bind security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a securi ...
Red Hat: Moderate: OpenShift Container Platform 4.11.46 security update
Synopsis Moderate: OpenShift Container Platform 41146 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41146 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Plat ...
Red Hat: Important: OpenShift Virtualization 4.12.5 security and bug fix update
Synopsis Important: OpenShift Virtualization 4125 security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4125 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security imp ...
Red Hat: Important: bind security update
Synopsis Important: bind security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a securi ...
Red Hat: Important: bind security update
Synopsis Important: bind security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 Telecommu ...
Red Hat: Important: bind9.16 security update
Synopsis Important: bind916 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind916 is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has ra ...
Red Hat: Important: bind security update
Synopsis Important: bind security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Security has ...
Red Hat: Critical: Red Hat OpenShift GitOps security update
Synopsis Critical: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift GitOps 19Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Red Hat: Important: bind security update
Synopsis Important: bind security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red Hat Enterprise Li ...
Red Hat: Critical: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes
Synopsis Critical: Multicluster Engine for Kubernetes 218 security updates and bug fixes Type/Severity Security Advisory: Critical Topic Multicluster Engine for Kubernetes 218 General Availability release images, which fix bugs and update container imagesRed Hat Product Security has rated this update as having a security impactof Critica ...
Red Hat: Important: bind security update
Synopsis Important: bind security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for bind is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a securi ...

References

CWE-770https://kb.isc.org/docs/cve-2023-2828http://www.openwall.com/lists/oss-security/2023/06/21/6https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/https://www.debian.org/security/2023/dsa-5439https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/https://security.netapp.com/advisory/ntap-20230703-0010/https://lists.debian.org/debian-lts-announce/2023/07/msg00021.htmlhttps://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5439
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook