CVE-2023-5680

Name of the Vulnerable Software and Affected Versions BIND versions 9.11.3-S1 through 9.11.37-S1 BIND versions 9.16.8-S1 through 9.16.45-S1 BIND versions 9.18.11-S1 through 9.18.21-S1

Description The issue is related to the EDNS Client Subnet (ECS) component of the BIND DNS server, which can lead to uncontrolled resource consumption. This can be exploited by a remote attacker to cause a denial of service through the named parameter. The problem occurs when a resolver cache has a large number of ECS records stored for the same name, significantly impairing query performance during cache database node cleaning.

Recommendations For BIND versions 9.11.3-S1 through 9.11.37-S1, update to a version outside of this range to resolve the issue. For BIND versions 9.16.8-S1 through 9.16.45-S1, update to a version outside of this range to resolve the issue. For BIND versions 9.18.11-S1 through 9.18.21-S1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the use of the ECS component until a patch is available.