Action not permitted
Modal body text goes here.
cve-2023-5680
Vulnerability from cvelistv5
Published
2024-02-13 14:05
Modified
2024-08-02 08:07
Severity
Summary
Cleaning an ECS-enabled cache may cause excessive CPU load
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T18:02:52.507926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:30.667Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-5680",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-5680"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240503-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.11.37-S1",
"status": "affected",
"version": "9.11.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.45-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Yann Kerherve and Ask Bj\u00f8rn Hansen for bringing this vulnerability to our attention."
}
],
"datePublic": "2024-02-13T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. \nThis issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By sending specific queries to a resolver, an attacker can degrade `named`\u0027s query-handling performance. In the worst-case scenario, a resolver can become entirely unresponsive."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T14:05:19.783Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-5680",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-5680"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240503-0005/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48-S1 or 9.18.24-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cleaning an ECS-enabled cache may cause excessive CPU load",
"workarounds": [
{
"lang": "en",
"value": "There is no workaround for this issue other than disabling the ECS feature entirely."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-5680",
"datePublished": "2024-02-13T14:05:19.783Z",
"dateReserved": "2023-10-20T11:13:31.862Z",
"dateUpdated": "2024-08-02T08:07:32.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5680\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2024-02-13T14:15:45.850\",\"lastModified\":\"2024-05-03T13:15:21.093\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. \\nThis issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.\"},{\"lang\":\"es\",\"value\":\"Si un cach\u00e9 de resoluci\u00f3n tiene una gran cantidad de registros ECS almacenados para el mismo nombre, el proceso de limpieza del nodo de la base de datos del cach\u00e9 para este nombre puede afectar significativamente el rendimiento de la consulta. Este problema afecta a las versiones de BIND 9, 9.11.3-S1 a 9.11.37-S1, 9.16.8-S1 a 9.16.45-S1 y 9.18.11-S1 a 9.18.21-S1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-officer@isc.org\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"references\":[{\"url\":\"https://kb.isc.org/docs/cve-2023-5680\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240503-0005/\",\"source\":\"security-officer@isc.org\"}]}}"
}
}
gsd-2023-5680
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.
This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-5680",
"id": "GSD-2023-5680"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-5680"
],
"details": "If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. \nThis issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"id": "GSD-2023-5680",
"modified": "2023-12-13T01:20:51.020865Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"ID": "CVE-2023-5680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.11.3-S1",
"version_value": "9.11.37-S1"
},
{
"version_affected": "\u003c=",
"version_name": "9.16.8-S1",
"version_value": "9.16.45-S1"
},
{
"version_affected": "\u003c=",
"version_name": "9.18.11-S1",
"version_value": "9.18.21-S1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Yann Kerherve and Ask Bj\u00f8rn Hansen for bringing this vulnerability to our attention."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. \nThis issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2023-5680",
"refsource": "MISC",
"url": "https://kb.isc.org/docs/cve-2023-5680"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48-S1 or 9.18.24-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There is no workaround for this issue other than disabling the ECS feature entirely."
}
]
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. \nThis issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"id": "CVE-2023-5680",
"lastModified": "2024-02-13T15:16:05.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-officer@isc.org",
"type": "Primary"
}
]
},
"published": "2024-02-13T14:15:45.850",
"references": [
{
"source": "security-officer@isc.org",
"url": "https://kb.isc.org/docs/cve-2023-5680"
}
],
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
wid-sec-w-2024-0386
Vulnerability from csaf_certbund
Published
2024-02-13 23:00
Modified
2024-06-13 22:00
Summary
Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0386 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0386.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0386 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0386"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0977 vom 2024-02-26",
"url": "https://access.redhat.com/errata/RHSA-2024:0977"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0982 vom 2024-02-26",
"url": "https://access.redhat.com/errata/RHSA-2024:0982"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0981 vom 2024-02-26",
"url": "https://access.redhat.com/errata/RHSA-2024:0981"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2481 vom 2024-03-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2481.html"
},
{
"category": "external",
"summary": "BIND Security Advisory vom 2024-02-13",
"url": "https://kb.isc.org/docs/cve-2023-4408"
},
{
"category": "external",
"summary": "ISC Advisory",
"url": "https://kb.isc.org/docs/cve-2023-5517"
},
{
"category": "external",
"summary": "ISC Advisory",
"url": "https://kb.isc.org/docs/cve-2023-5679"
},
{
"category": "external",
"summary": "ISC Advisory",
"url": "https://kb.isc.org/docs/cve-2023-5680"
},
{
"category": "external",
"summary": "ISC Advisory",
"url": "https://kb.isc.org/docs/cve-2023-6516"
},
{
"category": "external",
"summary": "ISC Advisory",
"url": "https://kb.isc.org/docs/cve-2023-50387"
},
{
"category": "external",
"summary": "ISC Advisory",
"url": "https://kb.isc.org/docs/cve-2023-50868"
},
{
"category": "external",
"summary": "ISC Advisory",
"url": "https://kb.isc.org/docs/cve-2023-56808"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1335 vom 2024-03-14",
"url": "https://access.redhat.com/errata/RHSA-2024:1335"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1334 vom 2024-03-14",
"url": "https://access.redhat.com/errata/RHSA-2024:1334"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5620 vom 2024-02-14",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00027.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-C967C7D287 vom 2024-02-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c967c7d287"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-E24211EFF0 vom 2024-02-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-e24211eff0"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5621 vom 2024-02-14",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00028.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-E00ECEB11C vom 2024-02-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-e00eceb11c"
},
{
"category": "external",
"summary": "PowerDNS Security Advisory",
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"
},
{
"category": "external",
"summary": "Infoblox Security Advisory",
"url": "https://support.infoblox.com/s/article/000009609"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5633 vom 2024-02-28",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00039.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0977 vom 2024-02-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-0977.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-B0F9656A76 vom 2024-02-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-b0f9656a76"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-08BD07FBEB vom 2024-02-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-08bd07fbeb"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-4E36DF9DFD vom 2024-02-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-4e36df9dfd"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-2E26ECCFCB vom 2024-02-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-2e26eccfcb"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-0B7BA715AF vom 2024-02-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0b7ba715af"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-4F0DBC2B30 vom 2024-02-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-4f0dbc2b30"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0965 vom 2024-02-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-0965.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6665-1 vom 2024-02-28",
"url": "https://ubuntu.com/security/notices/USN-6665-1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-499B9BE35F vom 2024-02-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-499b9be35f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-7378BE30DD vom 2024-02-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-7378be30dd"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5626 vom 2024-02-18",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00033.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-FAE88B73EB vom 2024-02-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-fae88b73eb"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-21310568FA vom 2024-02-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-21310568fa"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-C36C448396 vom 2024-02-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c36c448396"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6642-1 vom 2024-02-19",
"url": "https://ubuntu.com/security/notices/USN-6642-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0574-1 vom 2024-02-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017984.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3736 vom 2024-02-21",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0590-1 vom 2024-02-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017996.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0965 vom 2024-02-26",
"url": "https://access.redhat.com/errata/RHSA-2024:0965"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1334 vom 2024-03-16",
"url": "http://linux.oracle.com/errata/ELSA-2024-1334.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1335 vom 2024-03-16",
"url": "http://linux.oracle.com/errata/ELSA-2024-1335.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5642 vom 2024-03-20",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00050.html"
},
{
"category": "external",
"summary": "F5 Security Advisory K000138990 vom 2024-03-26",
"url": "https://my.f5.com/manage/s/article/K000138990"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1522 vom 2024-03-26",
"url": "https://access.redhat.com/errata/RHSA-2024:1522"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1335 vom 2024-03-27",
"url": "https://errata.build.resf.org/RLSA-2024:1335"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1544 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1544"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1543 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1543"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory FREEBSD-SA-24:03.UNBOUND vom 2024-03-28",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-24:03.unbound.asc"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1545 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1648 vom 2024-04-02",
"url": "https://access.redhat.com/errata/RHSA-2024:1648"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1647 vom 2024-04-02",
"url": "https://access.redhat.com/errata/RHSA-2024:1647"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6723-1 vom 2024-04-09",
"url": "https://ubuntu.com/security/notices/USN-6723-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1781 vom 2024-04-11",
"url": "https://access.redhat.com/errata/RHSA-2024:1781"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1782 vom 2024-04-11",
"url": "https://access.redhat.com/errata/RHSA-2024:1782"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1789 vom 2024-04-11",
"url": "https://access.redhat.com/errata/RHSA-2024:1789"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1789 vom 2024-04-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-1789.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1782 vom 2024-04-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-1782.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1781 vom 2024-04-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-1781.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1803 vom 2024-04-15",
"url": "https://access.redhat.com/errata/RHSA-2024:1803"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1800 vom 2024-04-15",
"url": "https://access.redhat.com/errata/RHSA-2024:1800"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1801 vom 2024-04-15",
"url": "https://access.redhat.com/errata/RHSA-2024:1801"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1804 vom 2024-04-15",
"url": "https://access.redhat.com/errata/RHSA-2024:1804"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASDNSMASQ-2024-002 vom 2024-04-18",
"url": "https://alas.aws.amazon.com/AL2/ALASDNSMASQ-2024-002.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6657-2 vom 2024-04-24",
"url": "https://ubuntu.com/security/notices/USN-6657-2"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2530 vom 2024-04-29",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2530.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2587 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2587"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2551 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2551"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2696 vom 2024-05-06",
"url": "https://access.redhat.com/errata/RHSA-2024:2696"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1781 vom 2024-05-06",
"url": "https://errata.build.resf.org/RLSA-2024:1781"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLBA-2024:1798 vom 2024-05-06",
"url": "https://errata.build.resf.org/RLBA-2024:1798"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1782 vom 2024-05-06",
"url": "https://errata.build.resf.org/RLSA-2024:1782"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2720 vom 2024-05-07",
"url": "https://access.redhat.com/errata/RHSA-2024:2720"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2721 vom 2024-05-07",
"url": "https://access.redhat.com/errata/RHSA-2024:2721"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2551 vom 2024-05-08",
"url": "https://linux.oracle.com/errata/ELSA-2024-2551.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2821 vom 2024-05-13",
"url": "https://access.redhat.com/errata/RHSA-2024:2821"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2890 vom 2024-05-16",
"url": "https://access.redhat.com/errata/RHSA-2024:2890"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3816 vom 2024-05-17",
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3267 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3267"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3271 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3271"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3271 vom 2024-05-30",
"url": "http://linux.oracle.com/errata/ELSA-2024-3271.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1894-1 vom 2024-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018640.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1923-1 vom 2024-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018654.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156443 vom 2024-06-05",
"url": "https://www.ibm.com/support/pages/node/7156443"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3741 vom 2024-06-10",
"url": "https://access.redhat.com/errata/RHSA-2024:3741"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3741 vom 2024-06-11",
"url": "https://linux.oracle.com/errata/ELSA-2024-3741.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1991-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018692.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1982-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018701.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3877 vom 2024-06-13",
"url": "https://access.redhat.com/errata/RHSA-2024:3877"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3929 vom 2024-06-14",
"url": "https://access.redhat.com/errata/RHSA-2024:3929"
}
],
"source_lang": "en-US",
"title": "Internet Systems Consortium BIND: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2024-06-13T22:00:00.000+00:00",
"generator": {
"date": "2024-06-14T08:08:37.780+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2024-0386",
"initial_release_date": "2024-02-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-02-14T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-02-18T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora und Debian aufgenommen"
},
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-02-21T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2024-02-22T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-02-25T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-27T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian und Oracle Linux aufgenommen"
},
{
"date": "2024-02-28T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux und Ubuntu aufgenommen"
},
{
"date": "2024-03-04T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-17T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "13",
"summary": "doppelten Eintrag entfernt"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-03-25T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2024-03-26T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-03-27T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat und FreeBSD aufgenommen"
},
{
"date": "2024-04-02T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-09T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-10T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-11T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-04-14T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "24",
"summary": "Link korrigiert"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-04T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von SUSE und IBM aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "41"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "FreeBSD Project FreeBSD OS",
"product": {
"name": "FreeBSD Project FreeBSD OS",
"product_id": "4035",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:-"
}
}
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "T035154",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
},
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.6.2.4",
"product": {
"name": "Infoblox NIOS 8.6.2.4",
"product_id": "T032850",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:8.6.2.4"
}
}
},
{
"category": "product_version",
"name": "8.6.3.2",
"product": {
"name": "Infoblox NIOS 8.6.3.2",
"product_id": "T032851",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:8.6.3.2"
}
}
},
{
"category": "product_version",
"name": "8.6.4",
"product": {
"name": "Infoblox NIOS 8.6.4",
"product_id": "T032852",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:8.6.4"
}
}
},
{
"category": "product_version",
"name": "9.0.2",
"product": {
"name": "Infoblox NIOS 9.0.2",
"product_id": "T032853",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:9.0.2"
}
}
},
{
"category": "product_version",
"name": "9.0.3",
"product": {
"name": "Infoblox NIOS 9.0.3",
"product_id": "T032854",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:9.0.3"
}
}
}
],
"category": "product_name",
"name": "NIOS"
}
],
"category": "vendor",
"name": "Infoblox"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.16.48",
"product": {
"name": "Internet Systems Consortium BIND \u003c9.16.48",
"product_id": "T032734",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:9.16.48"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.18.24",
"product": {
"name": "Internet Systems Consortium BIND \u003c9.18.24",
"product_id": "T032735",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:9.18.24"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.19.21",
"product": {
"name": "Internet Systems Consortium BIND \u003c9.19.21",
"product_id": "T032736",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:9.19.21"
}
}
},
{
"category": "product_version_range",
"name": "Supported Preview Edition \u003c9.16.48-S1",
"product": {
"name": "Internet Systems Consortium BIND Supported Preview Edition \u003c9.16.48-S1",
"product_id": "T032737",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:supported_preview_edition__9.16.48-s1"
}
}
},
{
"category": "product_version_range",
"name": "Supported Preview Edition \u003c9.18.24-S1",
"product": {
"name": "Internet Systems Consortium BIND Supported Preview Edition \u003c9.18.24-S1",
"product_id": "T032738",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:supported_preview_edition__9.18.24-s1"
}
}
}
],
"category": "product_name",
"name": "BIND"
}
],
"category": "vendor",
"name": "Internet Systems Consortium"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.6",
"product": {
"name": "Open Source PowerDNS \u003c4.8.6",
"product_id": "T032836",
"product_identification_helper": {
"cpe": "cpe:/a:powerdns:authoritative:4.8.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.9.3",
"product": {
"name": "Open Source PowerDNS \u003c4.9.3",
"product_id": "T032837",
"product_identification_helper": {
"cpe": "cpe:/a:powerdns:authoritative:4.9.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.0.2",
"product": {
"name": "Open Source PowerDNS \u003c5.0.2",
"product_id": "T032838",
"product_identification_helper": {
"cpe": "cpe:/a:powerdns:authoritative:5.0.2"
}
}
}
],
"category": "product_name",
"name": "PowerDNS"
},
{
"category": "product_name",
"name": "Open Source dnsmasq",
"product": {
"name": "Open Source dnsmasq",
"product_id": "T033495",
"product_identification_helper": {
"cpe": "cpe:/a:dnsmasq:dnsmasq:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c22.04",
"product": {
"name": "Ubuntu Linux \u003c22.04",
"product_id": "T032739",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:22.04"
}
}
},
{
"category": "product_version_range",
"name": "\u003c23.10",
"product": {
"name": "Ubuntu Linux \u003c23.10",
"product_id": "T032740",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:23.10"
}
}
}
],
"category": "product_name",
"name": "Linux"
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4408",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in BIND des Internet Systems Consortium. Diese Fehler bestehen in verschiedenen Prozessen wie dem Parsen gro\u00dfer DNS-Meldungen, dem Abfragen von RFC 1918 Reverse-Zonen oder dem Bereinigen eines ECS-aktivierten Caches. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T032852",
"T032853",
"T032850",
"T032851",
"67646",
"4035",
"T032854",
"1039165",
"1522854",
"T035154",
"T004914",
"T032255",
"74185",
"T033495",
"1139691",
"2951",
"T002207",
"T000126",
"T032838",
"T001663",
"398363",
"T032836",
"T032837"
]
},
"release_date": "2024-02-13T23:00:00Z",
"title": "CVE-2023-4408"
},
{
"cve": "CVE-2023-50387",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in BIND des Internet Systems Consortium. Diese Fehler bestehen in verschiedenen Prozessen wie dem Parsen gro\u00dfer DNS-Meldungen, dem Abfragen von RFC 1918 Reverse-Zonen oder dem Bereinigen eines ECS-aktivierten Caches. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T032852",
"T032853",
"T032850",
"T032851",
"67646",
"4035",
"T032854",
"1039165",
"1522854",
"T035154",
"T004914",
"T032255",
"74185",
"T033495",
"1139691",
"2951",
"T002207",
"T000126",
"T032838",
"T001663",
"398363",
"T032836",
"T032837"
]
},
"release_date": "2024-02-13T23:00:00Z",
"title": "CVE-2023-50387"
},
{
"cve": "CVE-2023-50868",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in BIND des Internet Systems Consortium. Diese Fehler bestehen in verschiedenen Prozessen wie dem Parsen gro\u00dfer DNS-Meldungen, dem Abfragen von RFC 1918 Reverse-Zonen oder dem Bereinigen eines ECS-aktivierten Caches. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T032852",
"T032853",
"T032850",
"T032851",
"67646",
"4035",
"T032854",
"1039165",
"1522854",
"T035154",
"T004914",
"T032255",
"74185",
"T033495",
"1139691",
"2951",
"T002207",
"T000126",
"T032838",
"T001663",
"398363",
"T032836",
"T032837"
]
},
"release_date": "2024-02-13T23:00:00Z",
"title": "CVE-2023-50868"
},
{
"cve": "CVE-2023-5517",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in BIND des Internet Systems Consortium. Diese Fehler bestehen in verschiedenen Prozessen wie dem Parsen gro\u00dfer DNS-Meldungen, dem Abfragen von RFC 1918 Reverse-Zonen oder dem Bereinigen eines ECS-aktivierten Caches. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T032852",
"T032853",
"T032850",
"T032851",
"67646",
"4035",
"T032854",
"1039165",
"1522854",
"T035154",
"T004914",
"T032255",
"74185",
"T033495",
"1139691",
"2951",
"T002207",
"T000126",
"T032838",
"T001663",
"398363",
"T032836",
"T032837"
]
},
"release_date": "2024-02-13T23:00:00Z",
"title": "CVE-2023-5517"
},
{
"cve": "CVE-2023-5679",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in BIND des Internet Systems Consortium. Diese Fehler bestehen in verschiedenen Prozessen wie dem Parsen gro\u00dfer DNS-Meldungen, dem Abfragen von RFC 1918 Reverse-Zonen oder dem Bereinigen eines ECS-aktivierten Caches. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T032852",
"T032853",
"T032850",
"T032851",
"67646",
"4035",
"T032854",
"1039165",
"1522854",
"T035154",
"T004914",
"T032255",
"74185",
"T033495",
"1139691",
"2951",
"T002207",
"T000126",
"T032838",
"T001663",
"398363",
"T032836",
"T032837"
]
},
"release_date": "2024-02-13T23:00:00Z",
"title": "CVE-2023-5679"
},
{
"cve": "CVE-2023-5680",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in BIND des Internet Systems Consortium. Diese Fehler bestehen in verschiedenen Prozessen wie dem Parsen gro\u00dfer DNS-Meldungen, dem Abfragen von RFC 1918 Reverse-Zonen oder dem Bereinigen eines ECS-aktivierten Caches. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T032852",
"T032853",
"T032850",
"T032851",
"67646",
"4035",
"T032854",
"1039165",
"1522854",
"T035154",
"T004914",
"T032255",
"74185",
"T033495",
"1139691",
"2951",
"T002207",
"T000126",
"T032838",
"T001663",
"398363",
"T032836",
"T032837"
]
},
"release_date": "2024-02-13T23:00:00Z",
"title": "CVE-2023-5680"
},
{
"cve": "CVE-2023-6516",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in BIND des Internet Systems Consortium. Diese Fehler bestehen in verschiedenen Prozessen wie dem Parsen gro\u00dfer DNS-Meldungen, dem Abfragen von RFC 1918 Reverse-Zonen oder dem Bereinigen eines ECS-aktivierten Caches. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T032852",
"T032853",
"T032850",
"T032851",
"67646",
"4035",
"T032854",
"1039165",
"1522854",
"T035154",
"T004914",
"T032255",
"74185",
"T033495",
"1139691",
"2951",
"T002207",
"T000126",
"T032838",
"T001663",
"398363",
"T032836",
"T032837"
]
},
"release_date": "2024-02-13T23:00:00Z",
"title": "CVE-2023-6516"
}
]
}
ghsa-m868-f948-vvjc
Vulnerability from github
Published
2024-02-13 15:31
Modified
2024-05-03 15:30
Severity
Details
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
{
"affected": [],
"aliases": [
"CVE-2023-5680"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T14:15:45Z",
"severity": "MODERATE"
},
"details": "If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. \nThis issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",
"id": "GHSA-m868-f948-vvjc",
"modified": "2024-05-03T15:30:36Z",
"published": "2024-02-13T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5680"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2023-5680"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240503-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Loading...