2216576 – (DUPLICATE-CVE-2023-2911) bind: stack overflow

Bug 2216576 (DUPLICATE-CVE-2023-2911) - bind: stack overflow

Summary: bind: stack overflow

Keywords:
Status:	CLOSED DUPLICATE of bug 2216228
Alias:	DUPLICATE-CVE-2023-2911
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-06-21 22:13 UTC by Anten Skrabec
Modified:	2024-03-20 10:09 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-06-21 22:27:07 UTC
Embargoed:

Attachments	(Terms of Use)

Description Anten Skrabec 2023-06-21 22:13:06 UTC

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.
This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

https://kb.isc.org/docs/cve-2023-2911

Comment 1 Anten Skrabec 2023-06-21 22:27:07 UTC


*** This bug has been marked as a duplicate of bug 2216228 ***

Note You need to log in before you can comment on or make changes to this bug.