Bug 2239621 (CVE-2023-3341)
| Field | Value |
|---|---|
| Summary | CVE-2023-3341 bind: stack exhaustion in control channel code may lead to DoS |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | NEW |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Marian Rehak <mrehak> |
| Assignee | Product Security <prodsec-ir-bot> |
| CC | pemensik, psampaio, sbroz, security-response-team |
| Keywords | Security |
| Fixed In Version | bind 9.16.44, bind 9.18.19, bind 9.19.17, bind 9.16.44-S1, bind 9.18.19-S1 |
| Doc Type | If docs needed, set a value |
| Bug Depends On | 2239874, 2239875 |
| Bug Blocks | 2239616 |

Doc Text:

A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly.
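The recursion problem described in the Doc Text, illustrated with an added C example that is not BIND's code and not part of this bug report. It parses a constructed toy nested encoding (the format, `MAX_DEPTH` and all function names are assumptions) and carries an explicit depth counter, a common mitigation for this class of flaw, so that nesting is bounded by a fixed limit rather than by the maximum accepted packet size.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed toy encoding for illustration (not BIND's control channel format):
 *   value := type(1) length(4, big-endian) payload(length)
 *   type 0x01 = opaque data, type 0x02 = list whose payload is nested values */
enum { T_DATA = 0x01, T_LIST = 0x02 };
enum { PARSE_OK = 0, PARSE_BAD = -1, PARSE_TOO_DEEP = -2 };
#define MAX_DEPTH 10u /* hypothetical cap, chosen for this example */
static int parse_value(const uint8_t *buf, size_t len, size_t *used, unsigned depth);

/* Parse the values inside a list; refuse to descend past MAX_DEPTH. */
static int parse_list(const uint8_t *buf, size_t len, unsigned depth) {
    if (depth >= MAX_DEPTH) return PARSE_TOO_DEEP; /* bound is independent of packet size */
    for (size_t off = 0; off < len;) {
        size_t used = 0;
        int rc = parse_value(buf + off, len - off, &used, depth + 1);
        if (rc != PARSE_OK) return rc;
        off += used;
    }
    return PARSE_OK;
}

static int parse_value(const uint8_t *buf, size_t len, size_t *used, unsigned depth) {
    if (len < 5) return PARSE_BAD;
    uint32_t plen = (uint32_t)buf[1] << 24 | (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 8 | buf[4];
    if (plen > len - 5) return PARSE_BAD; /* payload must fit in what remains */
    *used = 5 + (size_t)plen;
    if (buf[0] == T_DATA) return PARSE_OK;
    if (buf[0] == T_LIST) return parse_list(buf + 5, plen, depth);
    return PARSE_BAD;
}

/* Entry point: one top-level value must consume the whole message. */
int parse_message(const uint8_t *buf, size_t len) {
    size_t used = 0;
    int rc = parse_value(buf, len, &used, 0);
    return (rc == PARSE_OK && used != len) ? PARSE_BAD : rc;
}

/* Build `levels` lists nested inside each other (constructed sample input). */
size_t build_nested(uint8_t *out, size_t cap, unsigned levels) {
    if (levels == 0 || (size_t)levels * 5 > cap) return 0;
    for (unsigned i = 0; i < levels; i++) {
        uint32_t plen = 5u * (levels - 1 - i);
        uint8_t *p = out + (size_t)i * 5;
        p[0] = T_LIST; p[1] = (uint8_t)(plen >> 24); p[2] = (uint8_t)(plen >> 16);
        p[3] = (uint8_t)(plen >> 8); p[4] = (uint8_t)plen;
    }
    return (size_t)levels * 5;
}
```

Without the `depth` check, each 5 bytes of input would cost one pair of stack frames, which is the relationship between packet size and stack use that the Doc Text describes.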
Description
Marian Rehak
2023-09-19 12:37:38 UTC
Public via https://kb.isc.org/docs/cve-2023-3341

Created bind tracking bugs for this issue:

Affects: fedora-37 [bug 2239874]
Affects: fedora-38 [bug 2239875]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2023:5460 https://access.redhat.com/errata/RHSA-2023:5460

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5473 https://access.redhat.com/errata/RHSA-2023:5473

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2023:5474 https://access.redhat.com/errata/RHSA-2023:5474

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5526 https://access.redhat.com/errata/RHSA-2023:5526

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5527 https://access.redhat.com/errata/RHSA-2023:5527

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5529 https://access.redhat.com/errata/RHSA-2023:5529

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2023:5689 https://access.redhat.com/errata/RHSA-2023:5689

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5690 https://access.redhat.com/errata/RHSA-2023:5690

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2023:5691 https://access.redhat.com/errata/RHSA-2023:5691

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5771 https://access.redhat.com/errata/RHSA-2023:5771

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION

Via RHSA-2025:0039 https://access.redhat.com/errata/RHSA-2025:0039