CVE-2023-3341

Severity: High · CVSS 3.1: 7.5 · EPSS: 83.6%
Published: Sep 20, 2023 · Last Modified: Jun 17, 2026

Description

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
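
One way to keep recursion depth independent of message size, shown on a constructed toy format. This is an added example, not ISC's patch and not the rndc wire format; the element layout, `MAX_DEPTH` and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed toy format, NOT the rndc wire format: an element is 1 type byte,
 * a 2-byte big-endian length, then the payload; a TABLE payload holds elements. */
enum { LEAF = 1, TABLE = 2 };
enum { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_DEEP = -2 };
#define MAX_DEPTH 10 /* assumed cap on nested tables */

/* Parse every element in buf[0..len); depth = number of enclosing tables. */
static int parse_elements(const uint8_t *buf, size_t len, unsigned depth)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 3) return PARSE_MALFORMED;    /* truncated header */
        uint8_t type = buf[off];
        size_t plen = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        off += 3;
        if (plen > len - off) return PARSE_MALFORMED; /* payload overruns parent */
        if (type == TABLE) {
            /* Refuse before recursing: stack use is then bounded by
             * MAX_DEPTH frames, not by how large a message is accepted. */
            if (depth + 1 > MAX_DEPTH) return PARSE_TOO_DEEP;
            int r = parse_elements(buf + off, plen, depth + 1);
            if (r != PARSE_OK) return r;
        } else if (type != LEAF) {
            return PARSE_MALFORMED;                   /* unknown element type */
        }
        off += plen;
    }
    return PARSE_OK;
}

int parse_message(const uint8_t *buf, size_t len) { return parse_elements(buf, len, 0); }

/* Constructed sample input: `levels` empty tables nested inside one another. */
size_t build_nested(uint8_t *out, size_t cap, unsigned levels)
{
    if (levels > 1000 || 3 * (size_t)levels > cap) return 0;
    for (unsigned i = 0; i < levels; i++) {
        size_t inner = 3 * (size_t)(levels - 1 - i);  /* bytes inside table i */
        out[3 * i] = TABLE;
        out[3 * i + 1] = (uint8_t)(inner >> 8);
        out[3 * i + 2] = (uint8_t)(inner & 0xff);
    }
    return 3 * (size_t)levels;
}
```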

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 83.6% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 2

CWE-1325
CWE-787: Out-of-bounds Write (Memory Safety)

Affected Products 38

Vendor         Product       Version  Range
isc            bind          *        ≥9.2.0 – <9.16.44
isc            bind          *        ≥9.18.0 – <9.18.19
isc            bind          *        ≥9.19.0 – <9.19.17
isc            bind          9.9.3    any
isc            bind          9.9.12   any
isc            bind          9.9.13   any
isc            bind          9.10.5   any
isc            bind          9.10.7   any
isc            bind          9.11.3   any
isc            bind          9.11.3   any
isc            bind          9.11.4   any
isc            bind          9.11.5   any
isc            bind          9.11.5   any
isc            bind          9.11.5   any
isc            bind          9.11.6   any
isc            bind          9.11.7   any
isc            bind          9.11.8   any
isc            bind          9.11.12  any
isc            bind          9.11.21  any
isc            bind          9.11.27  any
isc            bind          9.11.29  any
isc            bind          9.11.35  any
isc            bind          9.11.37  any
isc            bind          9.16.8   any
isc            bind          9.16.11  any
isc            bind          9.16.12  any
isc            bind          9.16.13  any
isc            bind          9.16.14  any
isc            bind          9.16.21  any
isc            bind          9.16.32  any
isc            bind          9.16.36  any
isc            bind          9.16.43  any
isc            bind          9.18.0   any
isc            bind          9.18.18  any
fedoraproject  fedora        37       any
fedoraproject  fedora        38       any
debian         debian_linux  10.0     any
debian         debian_linux  11.0     any

References 8

  • openwall.com http://www.openwall.com/lists/oss-security/2023/09/20/2
    Mailing List, Patch
  • kb.isc.org https://kb.isc.org/docs/cve-2023-3341
    Vendor Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/01/msg00021.html
    Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/
    Mailing List
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/
    Mailing List, Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20231013-0003/
    Third Party Advisory
  • debian.org https://www.debian.org/security/2023/dsa-5504
    Third Party Advisory

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2023/09/20/2
    Mailing List, Patch