7.5 CVE-2023-5517
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:
- `nxdomain-redirect <domain>;` is configured, and
- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.
This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
https://nvd.nist.gov/vuln/detail/CVE-2023-5517
Categories
CWE-617 : Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources) Perform input validation on user data. Chain: function in web caching proxy does not correctly check a return value (CWE-253) leading to a reachable assertion (CWE-617) FTP server allows remote attackers to cause a denial of service (daemon abort) via crafted commands which trigger an assertion failure. Chat client allows remote attackers to cause a denial of service (crash) via a long message string when connecting to a server, which causes an assertion failure. Product allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. Product allows remote attackers to cause a denial of service (crash) via certain queries, which cause an assertion failure. Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion. Anti-virus product has assert error when line length is non-numeric.
References
af854a3a-2127-422b-91ae-364da2661108
| http://www.openwall.com/lists/oss-security/2024/02/13/1 Mailing List Third Party Advisory |
| https://kb.isc.org/docs/cve-2023-5517 Vendor Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr... Mailing List Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr... Mailing List Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr... Mailing List Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr... Mailing List Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20240503-0006/ Third Party Advisory |
security-officer@isc.org
| http://www.openwall.com/lists/oss-security/2024/02/13/1 Mailing List Third Party Advisory |
| https://kb.isc.org/docs/cve-2023-5517 Vendor Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr... Mailing List Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr... Mailing List Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr... Mailing List Third Party Advisory |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr... Mailing List Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20240503-0006/ Third Party Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* | ||
| Configuration 2 | ||
| cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* | >= 9.12.0 | <= 9.16.45 |
| cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* | >= 9.18.0 | <= 9.18.21 |
| cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* | >= 9.19.0 | <= 9.19.19 |
| cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.16.12:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.16.43:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.16.45:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.18.18:s1:*:*:supported_preview:*:*:* | ||
| cpe:2.3:a:isc:bind:9.18.21:s1:*:*:supported_preview:*:*:* | ||
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
