{
  "threat_severity" : "Important",
  "public_date" : "2023-09-20T00:00:00Z",
  "bugzilla" : {
    "description" : "bind: stack exhaustion in control channel code may lead to DoS",
    "id" : "2239621",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2239621"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.", "A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly." ],
  "statement" : "Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key, only network access to the control channel’s configured TCP port is necessary.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
    "release_date" : "2025-01-06T00:00:00Z",
    "advisory" : "RHSA-2025:0039",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "bind-32:9.8.2-0.68.rc1.el6_10.14"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
    "release_date" : "2025-01-06T00:00:00Z",
    "advisory" : "RHSA-2025:0039",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "bind-dyndb-ldap-0:2.3-8.el6_10.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2023-10-12T00:00:00Z",
    "advisory" : "RHSA-2023:5691",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "bind-32:9.11.4-26.P2.el7_9.15"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-10-05T00:00:00Z",
    "advisory" : "RHSA-2023:5460",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "bind9.16-32:9.16.23-0.14.el8_8.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-10-05T00:00:00Z",
    "advisory" : "RHSA-2023:5474",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "bind-32:9.11.36-8.el8_8.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-10-05T00:00:00Z",
    "advisory" : "RHSA-2023:5474",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "bind-32:9.11.36-8.el8_8.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2023-10-09T00:00:00Z",
    "advisory" : "RHSA-2023:5526",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.1",
    "package" : "bind-32:9.11.4-26.P2.el8_1.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2023-10-09T00:00:00Z",
    "advisory" : "RHSA-2023:5527",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "bind-32:9.11.13-6.el8_2.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "release_date" : "2023-10-09T00:00:00Z",
    "advisory" : "RHSA-2023:5527",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.2",
    "package" : "bind-32:9.11.13-6.el8_2.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
    "release_date" : "2023-10-09T00:00:00Z",
    "advisory" : "RHSA-2023:5527",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.2",
    "package" : "bind-32:9.11.13-6.el8_2.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2023-10-09T00:00:00Z",
    "advisory" : "RHSA-2023:5529",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "bind-32:9.11.26-4.el8_4.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2023-10-09T00:00:00Z",
    "advisory" : "RHSA-2023:5529",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.4",
    "package" : "bind-32:9.11.26-4.el8_4.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "release_date" : "2023-10-09T00:00:00Z",
    "advisory" : "RHSA-2023:5529",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.4",
    "package" : "bind-32:9.11.26-4.el8_4.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2023-10-05T00:00:00Z",
    "advisory" : "RHSA-2023:5473",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.6",
    "package" : "bind-32:9.11.36-3.el8_6.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2023-10-17T00:00:00Z",
    "advisory" : "RHSA-2023:5771",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.6",
    "package" : "bind9.16-32:9.16.23-0.7.el8_6.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-10-12T00:00:00Z",
    "advisory" : "RHSA-2023:5689",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "bind-32:9.16.23-11.el9_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2023-10-12T00:00:00Z",
    "advisory" : "RHSA-2023:5690",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "bind-32:9.16.23-1.el9_0.3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-3341\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3341" ],
  "name" : "CVE-2023-3341",
  "mitigation" : {
    "value" : "By default, named only allows control-channel connections over the loopback interface, making this attack impossible to carry out over the network. When enabling remote access to the control channel’s configured TCP port, care should be taken to limit such access to trusted IP ranges on the network level, effectively preventing unauthorized parties from carrying out the attack described in this advisory.",
    "lang" : "en:us"
  },
  "csaw" : false
}