Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-5517

A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Published

2024-02-13T14:15:45.510

Last Modified

2024-11-21T08:41:55.487

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-617
Type: Secondary
CWE-617

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	netapp	active_iq_unified_manager	-	Yes
Operating System	fedoraproject	fedora	38	Yes
Operating System	fedoraproject	fedora	39	Yes
Application	isc	bind	≤ 9.16.45	Yes
Application	isc	bind	≤ 9.18.21	Yes
Application	isc	bind	≤ 9.19.19	Yes
Application	isc	bind	9.16.8	Yes
Application	isc	bind	9.16.11	Yes
Application	isc	bind	9.16.12	Yes
Application	isc	bind	9.16.13	Yes
Application	isc	bind	9.16.14	Yes
Application	isc	bind	9.16.21	Yes
Application	isc	bind	9.16.32	Yes
Application	isc	bind	9.16.36	Yes
Application	isc	bind	9.16.43	Yes
Application	isc	bind	9.16.45	Yes
Application	isc	bind	9.18.11	Yes
Application	isc	bind	9.18.18	Yes
Application	isc	bind	9.18.21	Yes

References

http://www.openwall.com/lists/oss-security/2024/02/13/1 Mailing List, Third Party Advisory ([email protected])
https://kb.isc.org/docs/cve-2023-5517 Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ Mailing List, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20240503-0006/ Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/02/13/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.isc.org/docs/cve-2023-5517 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240503-0006/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)