CVE-2023-5517

Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:

- `nxdomain-redirect <domain>;` is configured, and
- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.
This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Una falla en el código de manejo de consultas puede causar que `named` se cierre prematuramente con un error de aserción cuando: - `nxdomain-redirect ;` está configurado, y - el solucionador recibe una consulta PTR para una dirección RFC 1918 que normalmente dar como resultado una respuesta NXDOMAIN autorizada. Este problema afecta a las versiones de BIND 9, 9.12.0 a 9.16.45, 9.18.0 a 9.18.21, 9.19.0 a 9.19.19, 9.16.8-S1 a 9.16.45-S1 y 9.18.11-S1 a 9.18. .21-S1.

A flaw was found in the bind package which may result in a Denial of Service in `named` process. This is a result of a reachable assertion, leading `named` to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR query, used for a reverse DNS lookup, for a RFC 1918 address that would normally result in an authoritative `NXDOMAIN` response. A single query matching both conditions can lead to a Denial of Service in the named application.

*Credits: N/A

CVSS Scores

Internet Systems Consortium (ISC)v3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-10-11 CVE Reserved
2024-02-13 CVE Published
2024-05-04 EPSS Updated
2024-08-22 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-617: Reachable Assertion

CAPEC

References (9)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2024/02/13/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R
https://security.netapp.com/advisory/ntap-20240503-0006

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.isc.org/docs/cve-2023-5517	2024-05-03
https://access.redhat.com/security/cve/CVE-2023-5517	2024-04-30
https://bugzilla.redhat.com/show_bug.cgi?id=2263897	2024-04-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
ISC Search vendor "ISC"		BIND 9 Search vendor "ISC" for product "BIND 9"				>= 9.12.0 <= 9.16.45 Search vendor "ISC" for product "BIND 9" and version " >= 9.12.0 <= 9.16.45"		en		Affected
ISC Search vendor "ISC"		BIND 9 Search vendor "ISC" for product "BIND 9"				>= 9.18.0 <= 9.18.21 Search vendor "ISC" for product "BIND 9" and version " >= 9.18.0 <= 9.18.21"		en		Affected
ISC Search vendor "ISC"		BIND 9 Search vendor "ISC" for product "BIND 9"				>= 9.19.0 <= 9.19.19 Search vendor "ISC" for product "BIND 9" and version " >= 9.19.0 <= 9.19.19"		en		Affected