Unrated severityNVD Advisory· Published Feb 13, 2024· Updated Feb 13, 2025

Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled

CVE-2023-5517

Description

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when:

- nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Affected products

osv-coords58 versions
pkg:apk/chainguard/bind pkg:apk/chainguard/bind-dev pkg:apk/chainguard/bind-dnssec-root pkg:apk/chainguard/bind-dnssec-tools pkg:apk/chainguard/bind-doc pkg:apk/chainguard/bind-libs pkg:apk/chainguard/bind-plugins pkg:apk/chainguard/bind-tools pkg:apk/wolfi/bind pkg:apk/wolfi/bind-dev pkg:apk/wolfi/bind-dnssec-root pkg:apk/wolfi/bind-dnssec-tools pkg:apk/wolfi/bind-doc pkg:apk/wolfi/bind-libs pkg:apk/wolfi/bind-plugins pkg:apk/wolfi/bind-tools pkg:rpm/almalinux/bind pkg:rpm/almalinux/bind9.16 pkg:rpm/almalinux/bind9.16-chroot pkg:rpm/almalinux/bind9.16-devel pkg:rpm/almalinux/bind9.16-dnssec-utils pkg:rpm/almalinux/bind9.16-doc pkg:rpm/almalinux/bind9.16-libs pkg:rpm/almalinux/bind9.16-license pkg:rpm/almalinux/bind9.16-utils pkg:rpm/almalinux/bind-chroot pkg:rpm/almalinux/bind-devel pkg:rpm/almalinux/bind-dnssec-doc pkg:rpm/almalinux/bind-dnssec-utils pkg:rpm/almalinux/bind-doc pkg:rpm/almalinux/bind-dyndb-ldap pkg:rpm/almalinux/bind-libs pkg:rpm/almalinux/bind-license pkg:rpm/almalinux/bind-utils pkg:rpm/almalinux/python3-bind pkg:rpm/almalinux/python3-bind9.16 pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/bind&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/bind&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205 pkg:rpm/suse/bind&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/bind&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/libuv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/libuv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/libuv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/libuv&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205
< 9.18.24-r0+ 57 more
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 9.18.24-r0
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 11.9-8.el9_3.3.alma.1
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-14.el9_3.4
- (no CPE)range: < 32:9.16.23-0.16.el8_9.2.alma.1
- (no CPE)range: < 9.16.48-150500.8.16.1
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.6-150000.12.74.2
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.16.48-150500.8.16.1
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.48-150500.8.16.1
- (no CPE)range: < 9.16.6-150000.12.74.2
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.16.6-150000.12.74.2
- (no CPE)range: < 9.16.6-150300.22.44.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.16.6-150000.12.74.2
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 9.16.48-150400.5.40.1
- (no CPE)range: < 1.18.0-150000.3.2.1
- (no CPE)range: < 1.18.0-150000.3.2.1
- (no CPE)range: < 1.18.0-150000.3.2.1
- (no CPE)range: < 1.18.0-150000.3.2.1
ISC/BIND 9v5
Range: 9.12.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000