Tenda AC10 缓冲区错误漏洞

Tenda AC10U is a dual-band Gigabit wireless router from Tenda Technology, designed for 200 megabit and above fiber optic homes, supporting 802.11ac dual-band technology 2.4GHz and 5GHz, with a theoretical WiFi rate of up to 867Mbps. The Tenda AC10U suffers from a stack buffer overflow...

SUSE: Security Advisory (SUSE-SU-2023:3796-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : bind (SUSE-SU-2023:3796-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3796-1 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth ...

SUSE-SU-2023:3796-1 Security update for bind

This update for bind fixes the following issues: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly bsc1215472...

The vulnerability of the DNS-server BIND daemon, which allows a hacker to cause a service failure.

The vulnerability of the DNS-server BIND daemon is related to the escape of operations beyond the buffer in memory due to uncontrolled recursion during the processing of incoming packets. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted...

The vulnerability of the DoT protocol’s implementation in BIND DNS servers allows a attacker to induce a service failure.

The vulnerability of the DoT protocol DNS over TLS implementation in BIND DNS servers lies in the insufficient use of the assert function or similar operators when processing requests. Exploiting this vulnerability allows a malicious actor to cause service failures...

SUSE CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

SUSE CVE-2023-4236

A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bind (SUSE-SU-2023:3737-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3737-1 advisory. - The code that processes control channel messages sent to named calls certain functions recursively duri...

SUSE-SU-2023:3737-1 Security update for bind

This update for bind fixes the following issues: Update to release 9.16.44: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly bsc1215472...

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

Atlassian and the Internet Systems Consortium ISC have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service DoS and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new...

Slackware: Security Advisory (SSA:2023-264-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] bind

New bind packages are available for Slackware 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.16.44-i586-1slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Limit the amount of recursion that can be...

ISC Releases Security Advisories for BIND 9

The Internet Systems Consortium ISC has released security advisories to address vulnerabilities affecting ISC’s Berkeley Internet Name Domain BIND 9. A malicious cyber actor could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to revi...

Vulnerabilities fixed in ISC BIND

ISC has fixed vulnerabilities in BIND. A malicious party can exploit the exploit the vulnerabilities to cause a denial-of-service. The vulnerability with reference CVE-2023-3341 is located in the way in which control channel messages are processed. If too large messages, the named process can...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7.0.5)

The version of AOS installed on the remote host is prior to 6.7.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7.0.5 advisory. - An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the...

Slackware Linux 15.0 / current bind Vulnerability (SSA:2023-264-01)

The version of bind installed on the remote host is prior to 9.16.44 / 9.18.19. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-264-01 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing...

CVE-2023-3341

A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code...

CVE-2023-4236

A flaw was found in the Bind package. The networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. A named instance vulnerable t...

CVE-2023-4236

A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18...