CVE-2023-4236
HIGH · EPSS 79.8%
Published Sep 20, 2023 (2y ago) · Modified Jun 17, 2026 (2w ago)
7.5 CVSS 3.1
Description
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
79.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-617
Affected Products 18
| Vendor | Product | Version | Range |
|---|---|---|---|
| isc | bind | * | ≥9.18.0 – <9.18.18 |
| isc | bind | 9.18.11 | any |
| isc | bind | 9.18.18 | any |
| fedoraproject | fedora | 37 | any |
| fedoraproject | fedora | 38 | any |
| fedoraproject | fedora | 39 | any |
| debian | debian_linux | 10.0 | any |
| debian | debian_linux | 11.0 | any |
| netapp | h300s_firmware | * | any |
| netapp | h300s | * | any |
| netapp | h500s_firmware | * | any |
| netapp | h500s | * | any |
| netapp | h700s_firmware | * | any |
| netapp | h700s | * | any |
| netapp | h410s_firmware | * | any |
| netapp | h410s | * | any |
| netapp | h410c_firmware | * | any |
| netapp | h410c | * | any |
References 7
- openwall.com http://www.openwall.com/lists/oss-security/2023/09/20/2
- kb.isc.org https://kb.isc.org/docs/cve-2023-4236
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/
- security.netapp.com https://security.netapp.com/advisory/ntap-20231013-0004/
- debian.org https://www.debian.org/security/2023/dsa-5504
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.