PT-2024-2766 · Isc+10 · Bind 9+10

Published 2024-01-10 · Updated 2024-10-22 · CVE-2023-5517

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

BIND 9 versions 9.12.0 through 9.16.45
BIND 9 versions 9.18.0 through 9.18.21
BIND 9 versions 9.19.0 through 9.19.19
BIND 9 versions 9.16.8-S1 through 9.16.45-S1
BIND 9 versions 9.18.11-S1 through 9.18.21-S1

Description

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when nxdomain-redirect <domain>; is configured and the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue can be exploited by a remote attacker to trigger an assertion failure, resulting in a denial of service.

Recommendations

For BIND 9 versions 9.12.0 through 9.16.45, update to a version outside of this range to resolve the issue.
For BIND 9 versions 9.18.0 through 9.18.21, update to a version outside of this range to resolve the issue.
For BIND 9 versions 9.19.0 through 9.19.19, update to a version outside of this range to resolve the issue.
For BIND 9 versions 9.16.8-S1 through 9.16.45-S1, update to a version outside of this range to resolve the issue.
For BIND 9 versions 9.18.11-S1 through 9.18.21-S1, update to a version outside of this range to resolve the issue.

As a temporary workaround, consider disabling the nxdomain-redirect feature until a patch is available.
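
A defender-side check for the two preconditions named in the description, as an added example (not ISC's code and not part of the original advisory): it tests an upstream version string against the affected ranges listed here and looks for an active nxdomain-redirect statement in named.conf text. The function names and the sample configuration are assumptions made for illustration; distribution packages that backport fixes can keep an in-range upstream version number, so confirm those against the vendor advisory.

```python
import re
# Affected ranges as listed in this advisory (inclusive bounds).
AFFECTED = [
    ("9.12.0", "9.16.45"), ("9.18.0", "9.18.21"), ("9.19.0", "9.19.19"),
    ("9.16.8-S1", "9.16.45-S1"), ("9.18.11-S1", "9.18.21-S1"),
]
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?")
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
_REDIRECT = re.compile(r'\bnxdomain-redirect\s+"?([^\s";]+)"?\s*;')

def parse_version(text):
    """Return ((major, minor, patch), is_s_edition) for an upstream version string."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no BIND version found in {text!r}")
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4) is not None

def is_affected(version):
    """True if the version falls in one of the advisory's ranges for its edition."""
    num, s_edition = parse_version(version)
    for low, high in AFFECTED:
        (lo, lo_s), (hi, _) = parse_version(low), parse_version(high)
        if lo_s == s_edition and lo <= num <= hi:
            return True
    return False

def redirect_zones(conf_text):
    """List nxdomain-redirect targets that are active (not commented out).
    Simplification: comment markers inside quoted strings are not handled."""
    return _REDIRECT.findall(_COMMENTS.sub("", conf_text))

def exposure(version, conf_text):
    """Combine both preconditions named in the description."""
    if not is_affected(version):
        return "not affected"
    if redirect_zones(conf_text):
        return "affected and nxdomain-redirect configured"
    return "affected version, nxdomain-redirect not configured"

SAMPLE_CONF = """# constructed sample, not from a real server
options {
    directory "/var/named";
    // nxdomain-redirect old.example;
    nxdomain-redirect redirect.example;
};
"""

if __name__ == "__main__":
    for v in ("9.16.45", "9.18.21-S1", "9.18.22"):
        print(v, "->", exposure(v, SAMPLE_CONF))
```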

Exploit

Fix

DoS

Assertion Failure

Weakness Enumeration

Related Identifiers

ALSA-2024:1781
ALSA-2024:1789
ALSA-2024:2551
AZL-34354
AZL-34563
BDU:2024-02902
CESA-2024_1781
CVE-2023-5517
DSA-5621-1
INFSA-2024_2551
MGASA-2024-0038
OESA-2024-1323
OESA-2024-1324
OESA-2024-1325
OESA-2024-1326
OPENSUSE-SU-2024:13687-1
OPENSUSE-SU-2024_0574-1
OPENSUSE-SU-2024_0590-1
OPENSUSE-SU-2024_1982-1
RHSA-2024:1647
RHSA-2024:1648
RHSA-2024:1781
RHSA-2024:1789
RHSA-2024:1800
RHSA-2024:1803
RHSA-2024:2551
RHSA-2024_1781
RHSA-2024_1789
RHSA-2024_2551
RLSA-2024:1781
RLSA-2024:2551
SUSE-SU-2024:0574-1
SUSE-SU-2024:0590-1
SUSE-SU-2024:1982-1
SUSE-SU-2024:2033-1
USN-6633-1
USN-6642-1

Affected Products

Almalinux
Bind 9
Bind Server
Centos
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu