{ "threat_severity" : "Important", "public_date" : "2023-06-21T00:00:00Z", "bugzilla" : { "description" : "bind: named's configured cache size limit can be significantly exceeded", "id" : "2216227", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2216227" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.\nIt has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.", "A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly." ], "acknowledgement" : "Upstream acknowledges Anat Bremler-Barr (Tel-Aviv University), Shoham Danino (Reichman University), Yehuda Afek (Tel-Aviv University), and Yuval Shavitt (Tel-Aviv University) as the original reporters.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2023-07-18T00:00:00Z", "advisory" : "RHSA-2023:4152", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "bind-32:9.11.4-26.P2.el7_9.14" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-07-17T00:00:00Z", "advisory" : "RHSA-2023:4100", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "bind9.16-32:9.16.23-0.14.el8_8.1" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-07-17T00:00:00Z", "advisory" : "RHSA-2023:4102", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "bind-32:9.11.36-8.el8_8.1" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-07-17T00:00:00Z", "advisory" : "RHSA-2023:4102", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "bind-32:9.11.36-8.el8_8.1" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date" : "2023-07-18T00:00:00Z", "advisory" : "RHSA-2023:4154", "cpe" : "cpe:/a:redhat:rhel_e4s:8.1", "package" : "bind-32:9.11.4-26.P2.el8_1.7" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2023-07-18T00:00:00Z", "advisory" : "RHSA-2023:4153", "cpe" : "cpe:/a:redhat:rhel_aus:8.2", "package" : "bind-32:9.11.13-6.el8_2.5" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date" : "2023-07-18T00:00:00Z", "advisory" : "RHSA-2023:4153", "cpe" : "cpe:/a:redhat:rhel_tus:8.2", "package" : "bind-32:9.11.13-6.el8_2.5" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date" : "2023-07-18T00:00:00Z", "advisory" : "RHSA-2023:4153", "cpe" : "cpe:/a:redhat:rhel_e4s:8.2", "package" : "bind-32:9.11.13-6.el8_2.5" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2023-07-31T00:00:00Z", "advisory" : "RHSA-2023:4332", "cpe" : "cpe:/a:redhat:rhel_aus:8.4", "package" : "bind-32:9.11.26-4.el8_4.2" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2023-07-31T00:00:00Z", "advisory" : "RHSA-2023:4332", "cpe" : "cpe:/a:redhat:rhel_tus:8.4", "package" : "bind-32:9.11.26-4.el8_4.2" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date" : "2023-07-31T00:00:00Z", "advisory" : "RHSA-2023:4332", "cpe" : "cpe:/a:redhat:rhel_e4s:8.4", "package" : "bind-32:9.11.26-4.el8_4.2" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date" : "2023-07-12T00:00:00Z", "advisory" : "RHSA-2023:4037", "cpe" : "cpe:/a:redhat:rhel_eus:8.6", "package" : "bind9.16-32:9.16.23-0.7.el8_6.2" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date" : "2023-07-17T00:00:00Z", "advisory" : "RHSA-2023:4101", "cpe" : "cpe:/a:redhat:rhel_eus:8.6", "package" : "bind-32:9.11.36-3.el8_6.4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-07-17T00:00:00Z", "advisory" : "RHSA-2023:4099", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "bind-32:9.16.23-11.el9_2.1" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date" : "2023-07-10T00:00:00Z", "advisory" : "RHSA-2023:4005", "cpe" : "cpe:/a:redhat:rhel_eus:9.0", "package" : "bind-32:9.16.23-1.el9_0.2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "bind", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "dhcp", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-2828\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2828\nhttps://kb.isc.org/docs/cve-2023-2828" ], "name" : "CVE-2023-2828", "csaw" : false }