The Internet Systems Consortium (ISC) released multiple patches for denial-of-service (DoS) issues in DNS’s BIND software. The vulnerabilities could be utilized to overwhelm and crash named, BIND’s recursive resolver and authoritative name server. All vulnerabilities are fixed in BIND versions 9.16.42, 9.18.16, and 9.19.14, as well as BIND Supported Preview Edition versions 9.16.42-S1 and 9.18.16-S1.
CVE-2023-2828 affects the system responsible for limiting the memory cache of named. Compromising this system would allow a bad actor to exceed the maximum memory cache and create a DoS situation. CVE-2023-2829 specifically impacts the named DNSSEC-validating recursive resolver. When the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option is enabled, attackers can send queries that crash named. CVE-2023-2911 affects BIND 9 resolvers counting the number of recursive clients. The bug allows attackers to use a sequence of serve-stale-related lookups to crash named.
Read More:
