CVE-2023-5679

Published: Feb 13, 2024Modified: Mar 29, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: security-officer@isc.org (Secondary)

Description

A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Affected (17)

Products: Fedoraproject: Fedora · Netapp: Active Iq Unified Manager · Isc: Bind

1 product

1 product

Active Iq Unified Manager

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 38
Fedoraproject Fedora	Version 39
Netapp Active Iq Unified Manager	All versions

Configuration B

14 vulnerable

Vulnerable Software	Affected Versions
Isc Bind	From 9.16.12 to 9.16.45
Isc Bind	From 9.18.0 to 9.18.21
Isc Bind	From 9.19.0 to 9.19.19
Isc Bind	Version 9.16.12 s1
Isc Bind	Version 9.16.13 s1
Isc Bind	Version 9.16.14 s1
Isc Bind	Version 9.16.21 s1
Isc Bind	Version 9.16.32 s1
Isc Bind	Version 9.16.36 s1
Isc Bind	Version 9.16.43 s1
Isc Bind	Version 9.16.45 s1
Isc Bind	Version 9.18.11 s1
Isc Bind	Version 9.18.18 s1
Isc Bind	Version 9.18.21 s1

Related CWEs

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (14)

http://www.openwall.com/lists/oss-security/2024/02/13/1

Source: security-officer@isc.org

Mailing ListThird Party Advisory

https://kb.isc.org/docs/cve-2023-5679

Source: security-officer@isc.org

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/

Source: security-officer@isc.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/

Source: security-officer@isc.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/

Source: security-officer@isc.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

Source: security-officer@isc.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20240426-0002/

Source: security-officer@isc.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2024/02/13/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://kb.isc.org/docs/cve-2023-5679

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20240426-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.