Bug 2239661 (CVE-2023-4236)

Summary: CVE-2023-4236 bind: an assertion failure may lead to DoS
Product: [Other] Security Response
Reporter: Marian Rehak <mrehak>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW ---
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: security-response-team
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: bind 9.18.19, bind 9.18.19-S1
Doc Type: ---
Doc Text:
A flaw was found in the Bind package. The networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. A named instance vulnerable to this flaw may terminate unexpectedly when subjected to significant DNS-over-TLS query load.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2239877, 2239878
Bug Blocks: 2239616

Description Marian Rehak 2023-09-19 16:17:29 UTC
A flaw was found in the Bind package. The networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. A named instance vulnerable to this flaw may terminate unexpectedly when subjected to significant DNS-over-TLS query load.

Comment 1 Marian Rehak 2023-09-20 15:17:28 UTC
Public via https://kb.isc.org/docs/cve-2023-4236

Comment 2 Marian Rehak 2023-09-20 15:18:30 UTC
Created bind tracking bugs for this issue:

Affects: fedora-37 [bug 2239877]
Affects: fedora-38 [bug 2239878]