Unrated severityNVD Advisory· Published Feb 13, 2024· Updated Mar 14, 2025

Parsing large DNS messages may cause excessive CPU load

CVE-2023-4408

Description

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Affected products

osv-coords71 versions
pkg:apk/chainguard/bind pkg:apk/chainguard/bind-dev pkg:apk/chainguard/bind-dnssec-root pkg:apk/chainguard/bind-dnssec-tools pkg:apk/chainguard/bind-doc pkg:apk/chainguard/bind-libs pkg:apk/chainguard/bind-plugins pkg:apk/chainguard/bind-tools pkg:apk/wolfi/bind pkg:apk/wolfi/bind-dev pkg:apk/wolfi/bind-dnssec-root pkg:apk/wolfi/bind-dnssec-tools pkg:apk/wolfi/bind-doc pkg:apk/wolfi/bind-libs pkg:apk/wolfi/bind-plugins pkg:apk/wolfi/bind-tools pkg:rpm/almalinux/bind pkg:rpm/almalinux/bind9.16 pkg:rpm/almalinux/bind9.16-chroot pkg:rpm/almalinux/bind9.16-devel pkg:rpm/almalinux/bind9.16-dnssec-utils pkg:rpm/almalinux/bind9.16-doc pkg:rpm/almalinux/bind9.16-libs pkg:rpm/almalinux/bind9.16-license pkg:rpm/almalinux/bind9.16-utils pkg:rpm/almalinux/bind-chroot pkg:rpm/almalinux/bind-devel pkg:rpm/almalinux/bind-dnssec-doc pkg:rpm/almalinux/bind-dnssec-utils pkg:rpm/almalinux/bind-doc pkg:rpm/almalinux/bind-dyndb-ldap pkg:rpm/almalinux/bind-export-devel pkg:rpm/almalinux/bind-export-libs pkg:rpm/almalinux/bind-libs pkg:rpm/almalinux/bind-libs-lite pkg:rpm/almalinux/bind-license pkg:rpm/almalinux/bind-lite-devel pkg:rpm/almalinux/bind-pkcs11 pkg:rpm/almalinux/bind-pkcs11-devel pkg:rpm/almalinux/bind-pkcs11-libs pkg:rpm/almalinux/bind-pkcs11-utils pkg:rpm/almalinux/bind-sdb pkg:rpm/almalinux/bind-sdb-chroot pkg:rpm/almalinux/bind-utils pkg:rpm/almalinux/python3-bind pkg:rpm/almalinux/python3-bind9.16 pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/bind&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205 pkg:rpm/suse/bind&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/bind&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/libuv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/libuv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/libuv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/libuv&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205
< 9.18.24-r0+ 70 more
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 11.9-8.el9_3.3.alma.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.11.36-11.el8_9.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 9.16.48-150500.8.16.1
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.6-150000.12.74.2
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.16.48-150500.8.16.1
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.48-150500.8.16.1
- (no CPE)range: < 9.11.22-3.52.1
- (no CPE)range: < 9.16.6-150000.12.74.2
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.11.22-3.52.1
- (no CPE)range: < 9.16.6-150000.12.74.2
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.11.22-3.52.1
- (no CPE)range: < 9.16.6-150000.12.74.2
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 1.18.0-150000.3.2.1
- (no CPE)range: < 1.18.0-150000.3.2.1
- (no CPE)range: < 1.18.0-150000.3.2.1
- (no CPE)range: < 1.18.0-150000.3.2.1
ISC/BIND 9v5
Range: 9.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000