The vulnerability of the DNSSEC component of the DNS server BIND implementation allows a attacker to cause service failures.

🗓️ 19 Feb 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

BIND DNSSEC vulnerability enables service failures through unlimited resource distribution during zone creation.

Reporter	Title	Published	Views	Family All 694
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50387]	20 Jun 202418:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in bind and dnsmasq affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products	26 Feb 202515:47	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND	5 Jun 202416:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	6 Jun 202414:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Technical Support Appliance - possible excessive CPU usage or denial of service	21 Nov 202421:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities	13 Jun 202406:21	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50387]	14 Nov 202417:28	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libmaxminddb, dnsmasq and bind affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem product	24 Sep 202409:01	–	ibm
FreeBSD	DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities	6 Feb 202400:00	–	freebsd
FreeBSD	powerdns-recursor -- Multiple Vulnerabilities	14 Feb 202400:00	–	freebsd

Vulners

Node

internet_systems_consortium bindRange9.0.0–9.16.48

OR

internet_systems_consortium bindRange9.18.0–9.18.24

OR

internet_systems_consortium bindRange9.19.0–9.19.21

OR

red_hat red_hat_enterprise_linuxMatch6

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

red_hat red_hat_enterprise_linuxMatch9

OR

fedora fedoraMatch39

OR

canonical ubuntuMatch23.10

Source	Link
altsp	www.altsp.su/obnovleniya-bezopasnosti/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.10/
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
kb	www.kb.isc.org/docs/cve-2023-50387
security-tracker	www.security-tracker.debian.org/tracker/CVE-2023-50387
access	www.access.redhat.com/security/cve/CVE-2023-50387
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.11.1/

01 Jun 2026 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 37.5

CVSS 27.8

EPSS0.99995

bind server domain name system security extensions zone creation resource exhaustion