CVE-2023-5517

2024-02-1300:00:00

ubuntu.com

named query-handling premature-exit assertion-failure nxdomain-response bind-9 isc-dhcp unix cve-2023-5517 flaw-configured ptr-query rfc-1918-address authoritative-vulnerability isc-dhcp-4.4.3-1 bind9-libs-affected unpatched-versions

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

A flaw in query-handling code can cause named to exit prematurely with an
assertion failure when: - nxdomain-redirect <domain>; is configured, and

the resolver receives a PTR query for an RFC 1918 address that would
normally result in an authoritative NXDOMAIN response. This issue affects
BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0
through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through
9.18.21-S1.

Notes

Author	Note
alexmurray	As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs
mdeslaur	9.11.x in isc-dhcp and bind9-libs not affected

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchbind9< anyUNKNOWN
ubuntu20.04noarchbind9< 1:9.16.48-0ubuntu0.20.04.1UNKNOWN
ubuntu22.04noarchbind9< 1:9.18.18-0ubuntu0.22.04.2UNKNOWN
ubuntu23.10noarchbind9< 1:9.18.18-0ubuntu2.1UNKNOWN
ubuntu24.04noarchbind9< 1:9.18.24-0ubuntu1UNKNOWN
ubuntu14.04noarchbind9< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	bind9	< any	UNKNOWN
ubuntu	20.04	noarch	bind9	< 1:9.16.48-0ubuntu0.20.04.1	UNKNOWN
ubuntu	22.04	noarch	bind9	< 1:9.18.18-0ubuntu0.22.04.2	UNKNOWN
ubuntu	23.10	noarch	bind9	< 1:9.18.18-0ubuntu2.1	UNKNOWN
ubuntu	24.04	noarch	bind9	< 1:9.18.24-0ubuntu1	UNKNOWN
ubuntu	14.04	noarch	bind9	< any	UNKNOWN