CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score
Confidence: High

EPSS
Percentile: 44.1%

BIND 9 is vulnerable to denial of service. When named runs as a recursive resolver, the asynchronous processes it uses to clean up its cache database allow the list of queued cleanup events to grow infinitely large over time, so the configured max-cache-size limit can be significantly exceeded. An attacker could exploit this to make the BIND service consume excessive resources, leading to performance degradation or unresponsiveness and potentially affecting the availability and reliability of DNS resolution services.

www.openwall.com/lists/oss-security/2024/02/13/1
kb.isc.org/docs/cve-2023-6516
lists.fedoraproject.org/archives/list/[email protected]/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
lists.fedoraproject.org/archives/list/[email protected]/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
security-tracker.debian.org/tracker/CVE-2023-6516
security.netapp.com/advisory/ntap-20240503-0008/