Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-2829
PUBLISHED
More InfoOfficial Page
Assigner-isc
Assigner Org ID-404fd4d2-a609-4245-b543-2c944a302a22
View Known Exploited Vulnerability (KEV) details
Published At-21 Jun, 2023 | 16:26
Updated At-13 Feb, 2025 | 16:48
Rejected At-
▼CVE Numbering Authority (CNA)
Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

Affected Products
Vendor
Internet Systems Consortium, Inc.ISC
Product
BIND 9
Default Status
unaffected
Versions
Affected
  • From 9.16.8-S1 through 9.16.41-S1 (custom)
  • From 9.18.11-S1 through 9.18.15-S1 (custom)
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ABy sending specific queries to the resolver, an attacker can cause `named` to terminate unexpectedly. Note that the BIND configuration option `synth-from-dnssec` is enabled by default in all versions of BIND 9.18 and 9.18-S and newer. In earlier versions of BIND that had this option available, it was disabled unless activated explicitly in `named.conf`.
CAPEC ID: N/A
Description: By sending specific queries to the resolver, an attacker can cause `named` to terminate unexpectedly. Note that the BIND configuration option `synth-from-dnssec` is enabled by default in all versions of BIND 9.18 and 9.18-S and newer. In earlier versions of BIND that had this option available, it was disabled unless activated explicitly in `named.conf`.
Solutions

Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.42-S1 or 9.18.16-S1.

Configurations
Workarounds

Setting `synth-from-dnssec` to `no` prevents the problem.

Exploits

We are not aware of any active exploits.

Credits
ISC would like to thank Greg Kuechle from SaskTel for bringing this vulnerability to our attention.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.isc.org/docs/cve-2023-2829
vendor-advisory
https://security.netapp.com/advisory/ntap-20230703-0010/
N/A
Hyperlink: https://kb.isc.org/docs/cve-2023-2829
Resource:
vendor-advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20230703-0010/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.isc.org/docs/cve-2023-2829
vendor-advisory
x_transferred
https://security.netapp.com/advisory/ntap-20230703-0010/
x_transferred
Hyperlink: https://kb.isc.org/docs/cve-2023-2829
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20230703-0010/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found