1320 matches found
kernel: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd. The callback writes...
Mageia: Security Advisory (MGASA-2023-0303)
The remote host is missing an update for the...
Oracle Linux 9 : bind (ELSA-2023-5689)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5689 advisory. 32:9.16.23-11.2 - stack exhaustion in control channel code may lead to DoS CVE-2023-3341 Tenable has extracted the preceding description block directly from the...
Oracle Linux 7 : bind (ELSA-2023-5691)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5691 advisory. 32:9.11.4-26.P2.15 - Limit the amount of recursion possible in control channel CVE-2023-3341 Tenable has extracted the preceding description block directly from...
Ubuntu 16.04 ESM / 18.04 ESM : Bind vulnerability (USN-6421-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6421-1 advisory. It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly...
Amazon Linux AMI : bind (ALAS-2023-1845)
The version of bind installed on the remote host is prior to 9.8.2-0.68.rc1.91. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1845 advisory. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing...
Oracle Linux 8 : bind (ELSA-2023-5474)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5474 advisory. 32:9.11.36-8.2 - stack exhaustion in control channel code may lead to DoS CVE-2023-3341 Tenable has extracted the preceding description block directly from the...
Amazon Linux 2 : bind (ALAS-2023-2273)
The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2273 advisory. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursi...
Important: bind
Issue Overview: The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of availab...
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2023-372)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-372 advisory. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending o...
Fedora 38 : bind / bind-dyndb-ldap (2023-a2621f58a9)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-a2621f58a9 advisory. BIND 9.18.19 Security Fixes - Previously, sending a specially crafted message over the control channel could cause the packet-parsing code to run o...
SUSE SLES12 Security Update : bind (SUSE-SU-2023:3796-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3796-1 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth ...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bind (SUSE-SU-2023:3737-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3737-1 advisory. - The code that processes control channel messages sent to named calls certain functions recursively duri...
Debian DSA-5504-1 : bind9 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5504 advisory. Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2023-3341 A stack exhaustion flaw was discovered in the control channel cod...
CVE-2023-3341
The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...
ISC BIND DoS Vulnerability (CVE-2023-3341) - Windows
ISC BIND is prone to a denial of service (DoS) vulnerability.
ISC BIND DoS Vulnerability (CVE-2023-3341) - Linux
ISC BIND is prone to a denial of service (DoS) vulnerability.
ISC BIND 9.2.0 < 9.16.44 / 9.9.3-S1 < 9.16.44-S1 / 9.18.0 < 9.18.19 / 9.18.0-S1 < 9.18.19-S1 / 9.19.0 < 9.19.17 Vulnerability (cve-2023-3341)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-3341 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing...
Oracle Linux 7 : ELSA-2017-1842-1: / kernel (ELSA-2017-18421)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-18421 advisory. - The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that chan...
PT-2023-18315 · Hlos · Hlos
Name of the Vulnerable Software and Affected Versions: HLOS affected versions not specified Description: A cryptographic issue exists where derived keys used for encryption and decryption remain present on the stack after use. Recommendations: At the moment, there is no information about a newer...