Unrated severityNVD Advisory· Published Jun 21, 2023· Updated Feb 13, 2025

Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0

CVE-2023-2911

Description

If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Affected products

osv-coords6 versions
pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5
< 9.16.42-150400.5.27.1+ 5 more
- (no CPE)range: < 9.16.42-150400.5.27.1
- (no CPE)range: < 9.16.42-150500.8.3.1
- (no CPE)range: < 9.16.42-150400.5.27.1
- (no CPE)range: < 9.16.42-150500.8.3.1
- (no CPE)range: < 9.16.42-150400.5.27.1
- (no CPE)range: < 9.16.42-150500.8.3.1
ISC/BIND 9v5
Range: 9.16.33

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000