7.5

CVE-2023-4408

Parsing large DNS messages may cause excessive CPU load

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.
This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetappOntap Version9.14.1
NetappOntap Version9.15.1
FedoraprojectFedora Version38
FedoraprojectFedora Version39
IscBind SwEdition- Version >= 9.0.0 <= 9.16.45
IscBind SwEdition- Version >= 9.18.0 <= 9.18.21
IscBind SwEdition- Version >= 9.19.0 <= 9.19.19
IscBind Version9.9.3 Updates1 SwEditionsupported_preview
IscBind Version9.16.8 Updates1 SwEditionsupported_preview
IscBind Version9.16.11 Updates1 SwEditionsupported_preview
IscBind Version9.16.12 Updates1 SwEditionsupported_preview
IscBind Version9.16.13 Updates1 SwEditionsupported_preview
IscBind Version9.16.14 Updates1 SwEditionsupported_preview
IscBind Version9.16.21 Updates1 SwEditionsupported_preview
IscBind Version9.16.32 Updates1 SwEditionsupported_preview
IscBind Version9.16.36 Updates1 SwEditionsupported_preview
IscBind Version9.16.43 Updates1 SwEditionsupported_preview
IscBind Version9.18.0 Updates1 SwEditionsupported_preview
IscBind Version9.18.11 Updates1 SwEditionsupported_preview
IscBind Version9.18.18 Updates1 SwEditionsupported_preview
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.33% 0.673
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-officer@isc.org 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-407 Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

http://www.openwall.com/lists/oss-security/2024/02/13/1
Third Party Advisory
Mailing List
https://kb.isc.org/docs/cve-2023-4408
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20240426-0001/
Third Party Advisory