PT-2023-6785 · ISC (+12) · BIND 9 (+12)

Credits: Anat Bremler-Barr and 3 others

Published: 2023-06-14 · Updated: 2024-10-03

CVE-2023-2828

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

BIND 9 versions 9.11.0 through 9.16.41
BIND 9 versions 9.18.0 through 9.18.15
BIND 9 versions 9.19.0 through 9.19.13
BIND 9 versions 9.11.3-S1 through 9.16.41-S1
BIND 9 versions 9.18.11-S1 through 9.18.15-S1

Description

The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, allowing the configured max-cache-size limit to be significantly exceeded. Because the cache can grow well beyond the limit the operator configured, the memory of the host running named can be exhausted, resulting in a denial of service.

Recommendations

For every affected range listed above (BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1), update to a version that includes a fix for this issue. As a temporary workaround, restrict access to the named instance (for example, limit which clients may send it queries) to reduce the risk of exploitation.

Tags: Exploit · Fix · DoS

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers

ALSA-2023:4099
ALSA-2023:4100
ALSA-2023:4102
ALT-PU-2023-2044
ALT-PU-2023-2102
ALT-PU-2024-1988
ALT-PU-2024-9772
ALT-PU-2024-9774
AZL-27203
AZL-27238
BDU:2023-07642
CESA-2023_4100
CESA-2023_4102
CESA-2023_4152
CVE-2023-2828
DLA-3498-1
DSA-5439-1
OESA-2023-1384
OESA-2023-1505
OPENSUSE-SU-2023_2954-1
OPENSUSE-SU-2024:13015-1
RHSA-2023:4005
RHSA-2023:4037
RHSA-2023:4099
RHSA-2023:4100
RHSA-2023:4101
RHSA-2023:4102
RHSA-2023:4152
RHSA-2023:4153
RHSA-2023:4154
RHSA-2023:4332
RHSA-2023_4099
RHSA-2023_4100
RHSA-2023_4102
RHSA-2023_4152
RLSA-2023:4099
RLSA-2023:4100
RLSA-2023:4102
ROSA-SA-2023-2279
ROSA-SA-2024-2489
SUSE-SU-2023:2667-1
SUSE-SU-2023:2789-1
SUSE-SU-2023:2793-1
SUSE-SU-2023:2794-1
SUSE-SU-2023:2836-1
SUSE-SU-2023:2954-1
SUSE-SU-2023_2667-1
SUSE-SU-2023_2789-1
SUSE-SU-2023_2793-1
SUSE-SU-2023_2794-1
SUSE-SU-2023_2836-1
SUSE-SU-2023_2954-1
USN-6183-1
USN-6183-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Bind 9
Bind Server
Centos
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu