PT-2024-3868 · Isc+10 · Bind 9+10
Published 2024-01-10 · Updated 2025-03-29
CVE-2023-5679
CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
BIND 9 versions 9.16.12 through 9.16.45
BIND 9 versions 9.18.0 through 9.18.21
BIND 9 versions 9.19.0 through 9.19.19
BIND 9 versions 9.16.12-S1 through 9.16.45-S1
BIND 9 versions 9.18.11-S1 through 9.18.21-S1
Description
A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue can be exploited by a remote attacker to trigger an assertion failure, potentially leading to a denial of service.
Recommendations
For versions 9.16.12 through 9.16.45, consider disabling the DNS64 and serve-stale features until a patch is available.
For versions 9.18.0 through 9.18.21, consider disabling the DNS64 and serve-stale features until a patch is available.
For versions 9.19.0 through 9.19.19, consider disabling the DNS64 and serve-stale features until a patch is available.
For versions 9.16.12-S1 through 9.16.45-S1, consider disabling the DNS64 and serve-stale features until a patch is available.
For versions 9.18.11-S1 through 9.18.21-S1, consider disabling the DNS64 and serve-stale features until a patch is available.
As a temporary workaround, consider restricting access to the named parameter to minimize the risk of exploitation.
Exploit
Fix
DoS
Assertion Failure
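A defender-side exposure check for the condition in the description (affected version with both DNS64 and serve-stale enabled), as an added example that is not part of the original advisory or ISC's code. The option names `dns64`, `stale-answer-enable` and `stale-cache-enable` are BIND configuration statements not named on this page, and the function names and sample configuration are constructed for illustration.

```python
import re

# Affected ranges as listed on this page: (first, last, is "-S" edition)
AFFECTED = [
    ((9, 16, 12), (9, 16, 45), False),
    ((9, 18, 0), (9, 18, 21), False),
    ((9, 19, 0), (9, 19, 19), False),
    ((9, 16, 12), (9, 16, 45), True),
    ((9, 18, 11), (9, 18, 21), True),
]

def parse_version(text):
    """Extract (major, minor, patch) and the -S flag, e.g. from `named -v` output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?", text)
    if m is None:
        raise ValueError(f"no BIND version in {text!r}")
    return tuple(map(int, m.group(1, 2, 3))), m.group(4) is not None

def version_affected(text):
    # Upstream numbering only; distribution packages may carry backported fixes.
    ver, s_edition = parse_version(text)
    return any(lo <= ver <= hi and s == s_edition for lo, hi, s in AFFECTED)

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out options are ignored."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def features_enabled(conf):
    """Return (dns64_configured, serve_stale_enabled) for named.conf text."""
    conf = strip_comments(conf)
    dns64 = re.search(r"\bdns64\s+[0-9A-Fa-f:]+/\d+\s*\{", conf)
    stale = re.search(r"\bstale-(answer|cache)-enable\s+(yes|true|1)\s*;", conf)
    return dns64 is not None, stale is not None

def exposed(version_text, conf):
    """True only when the version is listed AND both features are on."""
    return version_affected(version_text) and all(features_enabled(conf))

# Constructed sample input (not taken from any real server).
SAMPLE_CONF = """
options {
    // stale-answer-enable no;
    stale-answer-enable yes;
    dns64 64:ff9b::/96 { clients { any; }; };
};
"""
```

Call `exposed()` with the output of `named -v` and the text of `named.conf`. The scan reads only the text it is given, so included files and a serve-stale state changed at runtime with `rndc serve-stale on` are not seen.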
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Bind 9
Bind Server
Centos
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu