
250 matches found

Tenable Nessus
added 2023/10/12 12:0 a.m. | 44 views

Oracle Linux 7 : bind (ELSA-2023-5691)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5691 advisory. 32:9.11.4-26.P2.15 - Limit the amount of recursion possible in control channel CVE-2023-3341 Tenable has extracted the preceding description block directly from...

CVSS 7.5 | AI score 6.8 | EPSS 0.00247
Exploits: 0 | References: 2

RedHat Linux
added 2023/10/09 10:3 a.m. | 3 views

bind: stack exhaustion in control channel code may lead to DoS

A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code...

CVSS 7.5 | AI score 7.2 | EPSS 0.00247
Exploits: 0 | References: 4

Tenable Nessus
added 2023/10/06 12:0 a.m. | 40 views

Oracle Linux 8 : bind9.16 (ELSA-2023-5460)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5460 advisory. 32:9.16.23-14.2 - stack exhaustion in control channel code may lead to DoS CVE-2023-3341 Tenable has extracted the preceding description block directly from the...

CVSS 7.5 | AI score 6.9 | EPSS 0.00247
Exploits: 0 | References: 2

RedHat Linux
added 2023/10/05 2:42 p.m. | 3 views

bind: stack exhaustion in control channel code may lead to DoS

A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code...

CVSS 7.5 | AI score 7.2 | EPSS 0.00247
Exploits: 0 | References: 4

Tenable Nessus
added 2023/10/05 12:0 a.m. | 50 views

Amazon Linux 2 : bind (ALAS-2023-2273)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2273 advisory. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursi...

CVSS 7.5 | AI score 6.9 | EPSS 0.00247
Exploits: 0 | References: 4

OSV
added 2023/09/28 11:6 a.m. | 1 views

OESA-2023-1689 bind security update

Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: The code...

CVSS 7.5 | AI score 7 | EPSS 0.00247
Exploits: 0 | References: 2

Tenable Nessus
added 2023/09/21 12:0 a.m. | 33 views

Slackware Linux 15.0 / current bind Vulnerability (SSA:2023-264-01)

The version of bind installed on the remote host is prior to 9.16.44 / 9.18.19. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-264-01 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing...

CVSS 7.5 | AI score 6.9 | EPSS 0.00247
Exploits: 0 | References: 2

OSV
added 2023/09/20 1:15 p.m. | 1 views

ALPINE-CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

CVSS 7.5 | AI score 7 | EPSS 0.00247
Exploits: 0 | References: 1

OSV
added 2023/09/20 1:15 p.m. | 1 views

AZL-34562 CVE-2023-3341 affecting package bind for versions less than 9.16.44-1

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

CVSS 7.5 | AI score 6.7 | EPSS 0.00247
Exploits: 0 | References: 1

Cvelist
added 2023/09/20 12:32 p.m. | 31 views

CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

CVSS 7.5 | AI score 7.9 | EPSS 0.00247
Exploits: 0 | References: 8

Tenable Nessus
added 2023/09/20 12:0 a.m. | 39 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Bind vulnerabilities (USN-6390-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6390-1 advisory. It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channe...

CVSS 7.5 | AI score 6.8 | EPSS 0.00247
Exploits: 0 | References: 3

CNNVD
added 2023/09/20 12:0 a.m. | 1 views

ISC BIND Buffer Error Vulnerability

ISC BIND is a set of open-source software that implements the DNS protocol from the American company ISC. A buffer error vulnerability exists in ISC BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S...

CVSS 7.5 | AI score 7 | EPSS 0.00247
Exploits: 0 | References: 14

Tenable Nessus
added 2023/08/23 12:0 a.m. | 54 views

Wireshark 4.0.x < 4.0.8 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.8 advisory. - Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in...

CVSS 7.8 | AI score 6.9 | EPSS 0.0344
Exploits: 6 | References: 18

UbuntuCve
added 2023/06/25 6:15 p.m. | 105 views

CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00279
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 5:28 a.m. | 1 views

SUSE CVE-2014-3532

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before...

CVSS 2.1 | AI score 6.5 | EPSS 0.00123
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:4 a.m. | 1 views

SUSE CVE-2016-3705

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a...

CVSS 7.5 | AI score 8.9 | EPSS 0.00881
Exploits: 0 | References: 11

SUSE CVE
added 2023/02/15 4:59 a.m. | 1 views

SUSE CVE-2016-6513

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5.9 | AI score 7.3 | EPSS 0.00189
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:44 a.m. | 1 views

SUSE CVE-2017-9766

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissectIODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c...

CVSS 5.3 | AI score 7.4 | EPSS 0.00889
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 4:31 a.m. | 1 views

SUSE CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...

CVSS 4.3 | AI score 6.8 | EPSS 0.01011
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 4:28 a.m. | 1 views

SUSE CVE-2018-9256

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth...

CVSS 5.3 | AI score 7.6 | EPSS 0.00739
Exploits: 1 | References: 5