Unrated severityNVD Advisory· Published Feb 13, 2024· Updated Mar 17, 2025

Cleaning an ECS-enabled cache may cause excessive CPU load

CVE-2023-5680

Description

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Affected products

osv-coords16 versions
pkg:apk/chainguard/bind pkg:apk/chainguard/bind-dev pkg:apk/chainguard/bind-dnssec-root pkg:apk/chainguard/bind-dnssec-tools pkg:apk/chainguard/bind-doc pkg:apk/chainguard/bind-libs pkg:apk/chainguard/bind-plugins pkg:apk/chainguard/bind-tools pkg:apk/wolfi/bind pkg:apk/wolfi/bind-dev pkg:apk/wolfi/bind-dnssec-root pkg:apk/wolfi/bind-dnssec-tools pkg:apk/wolfi/bind-doc pkg:apk/wolfi/bind-libs pkg:apk/wolfi/bind-plugins pkg:apk/wolfi/bind-tools
< 9.18.25-r0+ 15 more
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
- (no CPE)range: < 9.18.25-r0
ISC/BIND 9v5
Range: 9.11.3-S1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.isc.org/docs/cve-2023-5680mitrevendor-advisory
security.netapp.com/advisory/ntap-20240503-0005/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000