Vulnerability Description
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isc | Bind | >= 9.11.0, <= 9.16.41 |
| Debian | Debian Linux | 10.0 |
| Fedoraproject | Fedora | 37 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2023/06/21/6Mailing ListPatchThird Party Advisory
- https://kb.isc.org/docs/cve-2023-2828Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2023/07/msg00021.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20230703-0010/Third Party Advisory
- https://www.debian.org/security/2023/dsa-5439Third Party Advisory
- http://www.openwall.com/lists/oss-security/2023/06/21/6Mailing ListPatchThird Party Advisory
- https://kb.isc.org/docs/cve-2023-2828Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2023/07/msg00021.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20230703-0010/Third Party Advisory
- https://www.debian.org/security/2023/dsa-5439Third Party Advisory
FAQ
What is CVE-2023-2828?
CVE-2023-2828 is a vulnerability with a CVSS score of 7.5 (HIGH). Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that ...
How severe is CVE-2023-2828?
CVE-2023-2828 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2828?
Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind, Debian Debian Linux, Fedoraproject Fedora, Netapp Active Iq Unified Manager, Netapp H500S Firmware.