PT-2024-14985 · ISC +9 · BIND 9 +9

Published: 2024-02-13 · Updated: 2024-10-22 · CVE-2023-6516

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.16.0 through 9.16.45; BIND 9 versions 9.16.8-S1 through 9.16.45-S1

Description: The issue affects the named process when it runs as a recursive resolver. named attempts to clean up its cache database using several methods, including asynchronous ones. If the resolver is continuously processing query patterns that trigger this kind of cache-database maintenance, it may be unable to handle the queued cleanup events in a timely manner. The list of queued cleanup events can then grow without bound over time, allowing the configured max-cache-size limit to be significantly exceeded. A remote attacker could exploit this vulnerability to trigger an assertion failure by querying RFC 1918 reverse zones.

Recommendations: For BIND 9 versions 9.16.0 through 9.16.45 and for BIND 9 versions 9.16.8-S1 through 9.16.45-S1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the max-cache-size limit to prevent excessive growth of queued cleanup events. Restrict access to the recursive resolver to minimize the risk of exploitation.

Exploit · Fix · DoS

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers

ALSA-2024:1781
ALSA-2024:1789
ALSA-2024:2551
AZL-34561
CESA-2024_1781
CVE-2023-6516
DSA-5621-1
INFSA-2024_2551
OESA-2024-1323
OESA-2024-1324
OESA-2024-1325
OESA-2024-1326
OPENSUSE-SU-2024:13687-1
OPENSUSE-SU-2024_0574-1
OPENSUSE-SU-2024_0590-1
OPENSUSE-SU-2024_1982-1
RHSA-2024:1647
RHSA-2024:1648
RHSA-2024:1781
RHSA-2024:1789
RHSA-2024:1800
RHSA-2024:1803
RHSA-2024:2551
RHSA-2024_1781
RHSA-2024_1789
RHSA-2024_2551
RLSA-2024:1781
RLSA-2024:2551
SUSE-SU-2024:0574-1
SUSE-SU-2024:0590-1
SUSE-SU-2024:1982-1
SUSE-SU-2024:2033-1
USN-6642-1

Affected Products

AlmaLinux
BIND 9
BIND Server
CentOS
IBM AIX
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu