CVE-2023-5680

2024-02-1314:15:45

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-5680

bind 9

resolver cache

performance issue

ecs records

query

database

unix

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

OSVersionArchitecturePackageVersionFilename
Debian12allbind9< 1:9.18.24-1bind9_1:9.18.24-1_all.deb
Debian11allbind9< 1:9.16.48-1bind9_1:9.16.48-1_all.deb
Debian999allbind9< 1:9.19.24-185-g392e7199df2-1bind9_1:9.19.24-185-g392e7199df2-1_all.deb
Debian13allbind9< 1:9.19.24-185-g392e7199df2-1bind9_1:9.19.24-185-g392e7199df2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	bind9	< 1:9.18.24-1	bind9_1:9.18.24-1_all.deb
Debian	11	all	bind9	< 1:9.16.48-1	bind9_1:9.16.48-1_all.deb
Debian	999	all	bind9	< 1:9.19.24-185-g392e7199df2-1	bind9_1:9.19.24-185-g392e7199df2-1_all.deb
Debian	13	all	bind9	< 1:9.19.24-185-g392e7199df2-1	bind9_1:9.19.24-185-g392e7199df2-1_all.deb