A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
Description
The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
55>=9.2.0, <=9.16.43 or >=9.18.0, <=9.18.18 or >=9.19.0, <=9.19.16 or >=9.9.3-S1, <=9.16.43-S1 or >=9.18.0-S1, <=9.18.18-S1+ 1 more
- (no CPE)range: >=9.2.0, <=9.16.43 or >=9.18.0, <=9.18.18 or >=9.19.0, <=9.19.16 or >=9.9.3-S1, <=9.16.43-S1 or >=9.18.0-S1, <=9.18.18-S1
- (no CPE)range: 9.2.0
- osv-coords53 versionspkg:rpm/almalinux/bindpkg:rpm/almalinux/bind9.16pkg:rpm/almalinux/bind9.16-chrootpkg:rpm/almalinux/bind9.16-develpkg:rpm/almalinux/bind9.16-dnssec-utilspkg:rpm/almalinux/bind9.16-docpkg:rpm/almalinux/bind9.16-libspkg:rpm/almalinux/bind9.16-licensepkg:rpm/almalinux/bind9.16-utilspkg:rpm/almalinux/bind-chrootpkg:rpm/almalinux/bind-develpkg:rpm/almalinux/bind-dnssec-docpkg:rpm/almalinux/bind-dnssec-utilspkg:rpm/almalinux/bind-docpkg:rpm/almalinux/bind-export-develpkg:rpm/almalinux/bind-export-libspkg:rpm/almalinux/bind-libspkg:rpm/almalinux/bind-libs-litepkg:rpm/almalinux/bind-licensepkg:rpm/almalinux/bind-lite-develpkg:rpm/almalinux/bind-pkcs11pkg:rpm/almalinux/bind-pkcs11-develpkg:rpm/almalinux/bind-pkcs11-libspkg:rpm/almalinux/bind-pkcs11-utilspkg:rpm/almalinux/bind-sdbpkg:rpm/almalinux/bind-sdb-chrootpkg:rpm/almalinux/bind-utilspkg:rpm/almalinux/python3-bindpkg:rpm/almalinux/python3-bind9.16pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweedpkg:rpm/suse/bind&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/bind&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/bind&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/bind&distro=SUSE%20Manager%20Server%204.2
< 32:9.11.36-8.el8_8.2+ 52 more
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.16.23-11.el9_2.2
- (no CPE)range: < 32:9.16.23-11.el9_2.2
- (no CPE)range: < 32:9.16.23-11.el9_2.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.11.36-8.el8_8.2
- (no CPE)range: < 32:9.16.23-0.14.el8_8.2.alma.1
- (no CPE)range: < 9.16.44-150400.5.37.2
- (no CPE)range: < 9.16.44-150500.8.12.2
- (no CPE)range: < 9.18.19-1.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.16.44-150400.5.37.2
- (no CPE)range: < 9.16.44-150500.8.12.2
- (no CPE)range: < 9.16.44-150400.5.37.2
- (no CPE)range: < 9.16.44-150500.8.12.2
- (no CPE)range: < 9.11.22-3.49.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.11.22-3.49.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.11.22-3.49.1
- (no CPE)range: < 9.16.6-150000.12.71.1
- (no CPE)range: < 9.16.6-150300.22.41.1
- (no CPE)range: < 9.16.6-150300.22.41.1
Patches
Vulnerability mechanics
References
8- kb.isc.org/docs/cve-2023-3341mitrevendor-advisory
- www.openwall.com/lists/oss-security/2023/09/20/2mitre
- lists.debian.org/debian-lts-announce/2024/01/msg00021.htmlmitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/mitre
- security.netapp.com/advisory/ntap-20231013-0003/mitre
- www.debian.org/security/2023/dsa-5504mitre
News mentions
0No linked articles in our index yet.