CVE-2023-5679

2024-02-1300:00:00

ubuntu.com

dns64

serve-stale

named crash

assertion failure

recursive resolution

bind 9

security vulnerability

isc-dhcp

mdeslaur

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

A bad interaction between DNS64 and serve-stale may cause named to crash
with an assertion failure during recursive resolution, when both of these
features are enabled. This issue affects BIND 9 versions 9.16.12 through
9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through
9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Notes

Author	Note
alexmurray	As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs
mdeslaur	possibly introduced in 9.16.12

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchbind9< 1:9.18.18-0ubuntu0.22.04.2UNKNOWN
ubuntu23.10noarchbind9< 1:9.18.18-0ubuntu2.1UNKNOWN
ubuntu24.04noarchbind9< anyUNKNOWN
ubuntu18.04noarchisc-dhcp< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	bind9	< 1:9.18.18-0ubuntu0.22.04.2	UNKNOWN
ubuntu	23.10	noarch	bind9	< 1:9.18.18-0ubuntu2.1	UNKNOWN
ubuntu	24.04	noarch	bind9	< any	UNKNOWN
ubuntu	18.04	noarch	isc-dhcp	< any	UNKNOWN