Unrated severityNVD Advisory· Published Sep 20, 2023· Updated Dec 2, 2025
A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
CVE-2023-3341
Description
The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
Affected products
53- osv-coords52 versionspkg:rpm/almalinux/bindpkg:rpm/almalinux/bind9.16pkg:rpm/almalinux/bind9.16-chrootpkg:rpm/almalinux/bind9.16-develpkg:rpm/almalinux/bind9.16-dnssec-utilspkg:rpm/almalinux/bind9.16-docpkg:rpm/almalinux/bind9.16-libspkg:rpm/almalinux/bind9.16-licensepkg:rpm/almalinux/bind9.16-utilspkg:rpm/almalinux/bind-chrootpkg:rpm/almalinux/bind-develpkg:rpm/almalinux/bind-dnssec-docpkg:rpm/almalinux/bind-dnssec-utilspkg:rpm/almalinux/bind-docpkg:rpm/almalinux/bind-export-develpkg:rpm/almalinux/bind-export-libspkg:rpm/almalinux/bind-libspkg:rpm/almalinux/bind-libs-litepkg:rpm/almalinux/bind-licensepkg:rpm/almalinux/bind-lite-develpkg:rpm/almalinux/bind-pkcs11pkg:rpm/almalinux/bind-pkcs11-develpkg:rpm/almalinux/bind-pkcs11-libspkg:rpm/almalinux/bind-pkcs11-utilspkg:rpm/almalinux/bind-sdbpkg:rpm/almalinux/bind-sdb-chrootpkg:rpm/almalinux/bind-utilspkg:rpm/almalinux/python3-bindpkg:rpm/almalinux/python3-bind9.16pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/bind&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/bind&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/bind&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/bind&distro=SUSE%20Manager%20Server%204.2
< 32:9.11.36-8.el8_8.2+ 51 more
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.16.23-11.el9_2.2
- (no CPE)range: < 32:9.16.23-11.el9_2.2
- (no CPE)range: < 32:9.16.23-11.el9_2.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 9.16.44-150400.5.37.2
- (no CPE)range: < 9.16.44-150500.8.12.2
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.16.44-150400.5.37.2
- (no CPE)range: < 9.16.44-150500.8.12.2
- (no CPE)range: < 9.16.44-150400.5.37.2
- (no CPE)range: < 9.16.44-150500.8.12.2
- (no CPE)range: < 9.11.22-3.49.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.11.22-3.49.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.11.22-3.49.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- ISC/BIND 9v5Range: 9.2.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- kb.isc.org/docs/cve-2023-3341mitrevendor-advisory
- www.openwall.com/lists/oss-security/2023/09/20/2mitre
- lists.debian.org/debian-lts-announce/2024/01/msg00021.htmlmitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/mitre
- security.netapp.com/advisory/ntap-20231013-0003/mitre
- www.debian.org/security/2023/dsa-5504mitre
News mentions
0No linked articles in our index yet.