← Back

CVE-2023-4408

nvd nist
Published: Feb 13, 2024Modified: Mar 14, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: security-officer@isc.org (Secondary)

Description

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Affected (20)

Netapp
1 product
Ontap
Fedoraproject
1 product
Fedora
Isc
1 product
Bind
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Netapp
Ontap
Version 9.14.1
Ontap
Version 9.15.1
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 38
Fedora
Version 39
Configuration C
16 vulnerable
Vulnerable SoftwareAffected Versions
Isc
Bind
From 9.0.0 to 9.16.45
Bind
From 9.18.0 to 9.18.21
Bind
From 9.19.0 to 9.19.19
Bind
Version 9.16.11 s1
Bind
Version 9.16.12 s1
Bind
Version 9.16.13 s1
Bind
Version 9.16.14 s1
Bind
Version 9.16.21 s1
Bind
Version 9.16.32 s1
Bind
Version 9.16.36 s1
Bind
Version 9.16.43 s1
Bind
Version 9.16.8 s1
Bind
Version 9.18.0 s1
Bind
Version 9.18.11 s1
Bind
Version 9.18.18 s1
Bind
Version 9.9.3 s1

Related CWEs

CWE-407
Inefficient Algorithmic Complexity
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References (14)

Source: security-officer@isc.org
Mailing ListThird Party Advisory
Source: security-officer@isc.org
Vendor Advisory
Source: security-officer@isc.org
Mailing ListThird Party Advisory
Source: security-officer@isc.org
Mailing ListThird Party Advisory
Source: security-officer@isc.org
Mailing ListThird Party Advisory
Source: security-officer@isc.org
Mailing ListThird Party Advisory
Source: security-officer@isc.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.