Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-2828

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.9%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-2828
  • Isc » Bind » Version: 9.11.12
    cpe:2.3:a:isc:bind:9.11.12
  • Isc » Bind » Version: 9.11.21
    cpe:2.3:a:isc:bind:9.11.21
  • Isc » Bind » Version: 9.11.27
    cpe:2.3:a:isc:bind:9.11.27
  • Isc » Bind » Version: 9.11.29
    cpe:2.3:a:isc:bind:9.11.29
  • Isc » Bind » Version: 9.11.3
    cpe:2.3:a:isc:bind:9.11.3
  • Isc » Bind » Version: 9.11.31
    cpe:2.3:a:isc:bind:9.11.31
  • Isc » Bind » Version: 9.11.35
    cpe:2.3:a:isc:bind:9.11.35
  • Isc » Bind » Version: 9.11.36
    cpe:2.3:a:isc:bind:9.11.36
  • Isc » Bind » Version: 9.11.37
    cpe:2.3:a:isc:bind:9.11.37
  • Isc » Bind » Version: 9.11.4
    cpe:2.3:a:isc:bind:9.11.4
  • Isc » Bind » Version: 9.11.5
    cpe:2.3:a:isc:bind:9.11.5
  • Isc » Bind » Version: 9.11.6
    cpe:2.3:a:isc:bind:9.11.6
  • Isc » Bind » Version: 9.11.7
    cpe:2.3:a:isc:bind:9.11.7
  • Isc » Bind » Version: 9.11.8
    cpe:2.3:a:isc:bind:9.11.8
  • Isc » Bind » Version: 9.12.0
    cpe:2.3:a:isc:bind:9.12.0
  • Isc » Bind » Version: 9.16.0
    cpe:2.3:a:isc:bind:9.16.0
  • Isc » Bind » Version: 9.16.11
    cpe:2.3:a:isc:bind:9.16.11
  • Isc » Bind » Version: 9.16.12
    cpe:2.3:a:isc:bind:9.16.12
  • Isc » Bind » Version: 9.16.13
    cpe:2.3:a:isc:bind:9.16.13
  • Isc » Bind » Version: 9.16.14
    cpe:2.3:a:isc:bind:9.16.14
  • Isc » Bind » Version: 9.16.15
    cpe:2.3:a:isc:bind:9.16.15
  • Isc » Bind » Version: 9.16.19
    cpe:2.3:a:isc:bind:9.16.19
  • Isc » Bind » Version: 9.16.21
    cpe:2.3:a:isc:bind:9.16.21
  • Isc » Bind » Version: 9.16.22
    cpe:2.3:a:isc:bind:9.16.22
  • Isc » Bind » Version: 9.16.32
    cpe:2.3:a:isc:bind:9.16.32
  • Isc » Bind » Version: 9.16.36
    cpe:2.3:a:isc:bind:9.16.36
  • Isc » Bind » Version: 9.16.37
    cpe:2.3:a:isc:bind:9.16.37
  • Isc » Bind » Version: 9.16.8
    cpe:2.3:a:isc:bind:9.16.8
  • Isc » Bind » Version: 9.18.0
    cpe:2.3:a:isc:bind:9.18.0
  • Isc » Bind » Version: 9.18.1
    cpe:2.3:a:isc:bind:9.18.1
  • Isc » Bind » Version: 9.18.10
    cpe:2.3:a:isc:bind:9.18.10
  • Isc » Bind » Version: 9.18.11
    cpe:2.3:a:isc:bind:9.18.11
  • Isc » Bind » Version: 9.18.2
    cpe:2.3:a:isc:bind:9.18.2
  • Isc » Bind » Version: 9.18.3
    cpe:2.3:a:isc:bind:9.18.3
  • Isc » Bind » Version: 9.18.4
    cpe:2.3:a:isc:bind:9.18.4
  • Isc » Bind » Version: 9.18.5
    cpe:2.3:a:isc:bind:9.18.5
  • Isc » Bind » Version: 9.18.6
    cpe:2.3:a:isc:bind:9.18.6
  • Isc » Bind » Version: 9.18.7
    cpe:2.3:a:isc:bind:9.18.7
  • Isc » Bind » Version: 9.18.8
    cpe:2.3:a:isc:bind:9.18.8
  • Isc » Bind » Version: 9.19.0
    cpe:2.3:a:isc:bind:9.19.0
  • Isc » Bind » Version: 9.19.1
    cpe:2.3:a:isc:bind:9.19.1
  • Isc » Bind » Version: 9.19.2
    cpe:2.3:a:isc:bind:9.19.2
  • Isc » Bind » Version: 9.19.3
    cpe:2.3:a:isc:bind:9.19.3
  • Isc » Bind » Version: 9.19.4
    cpe:2.3:a:isc:bind:9.19.4
  • Isc » Bind » Version: 9.19.5
    cpe:2.3:a:isc:bind:9.19.5
  • Isc » Bind » Version: 9.19.6
    cpe:2.3:a:isc:bind:9.19.6
  • Isc » Bind » Version: 9.19.8
    cpe:2.3:a:isc:bind:9.19.8
  • Isc » Bind » Version: 9.19.9
    cpe:2.3:a:isc:bind:9.19.9
  • Netapp » Active Iq Unified Manager » Version: N/A
    cpe:2.3:a:netapp:active_iq_unified_manager:-
  • Netapp » H300s » Version: N/A
    cpe:2.3:h:netapp:h300s:-
  • Netapp » H410c » Version: N/A
    cpe:2.3:h:netapp:h410c:-
  • Netapp » H410s » Version: N/A
    cpe:2.3:h:netapp:h410s:-
  • Netapp » H500s » Version: N/A
    cpe:2.3:h:netapp:h500s:-
  • Netapp » H700s » Version: N/A
    cpe:2.3:h:netapp:h700s:-
  • Debian » Debian Linux » Version: 10.0
    cpe:2.3:o:debian:debian_linux:10.0
  • Debian » Debian Linux » Version: 11.0
    cpe:2.3:o:debian:debian_linux:11.0
  • Debian » Debian Linux » Version: 12.0
    cpe:2.3:o:debian:debian_linux:12.0
  • Fedoraproject » Fedora » Version: 37
    cpe:2.3:o:fedoraproject:fedora:37
  • Fedoraproject » Fedora » Version: 38
    cpe:2.3:o:fedoraproject:fedora:38
  • Netapp » H300s Firmware » Version: N/A
    cpe:2.3:o:netapp:h300s_firmware:-
  • Netapp » H410c Firmware » Version: N/A
    cpe:2.3:o:netapp:h410c_firmware:-
  • Netapp » H410s Firmware » Version: N/A
    cpe:2.3:o:netapp:h410s_firmware:-
  • Netapp » H500s Firmware » Version: N/A
    cpe:2.3:o:netapp:h500s_firmware:-
  • Netapp » H700s Firmware » Version: N/A
    cpe:2.3:o:netapp:h700s_firmware:-


Products
Pricing
Contact Us

Shodan ® - All rights reserved