CVE-2023-2911

Name of the Vulnerable Software and Affected Versions BIND 9 versions 9.16.33 through 9.16.41 BIND 9 versions 9.18.7 through 9.18.15 BIND 9 versions 9.16.33-S1 through 9.16.41-S1 BIND 9 versions 9.18.11-S1 through 9.18.15-S1

Description A sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow when the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;. This issue may allow a remote attacker to cause a denial of service.

Recommendations For BIND 9 versions 9.16.33 through 9.16.41, update to a version outside of this range to resolve the issue. For BIND 9 versions 9.18.7 through 9.18.15, update to a version outside of this range to resolve the issue. For BIND 9 versions 9.16.33-S1 through 9.16.41-S1, update to a version outside of this range to resolve the issue. For BIND 9 versions 9.18.11-S1 through 9.18.15-S1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the stale-answer-enable option or setting stale-answer-client-timeout to a non-zero value until a patch is available.