If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow. By sending specific queries to the resolver, an attacker can cause named to terminate unexpectedly.
Upstream article: https://kb.isc.org/docs/cve-2023-2911
*** Bug 2216576 has been marked as a duplicate of this bug. ***
Created bind tracking bugs for this issue: Affects: fedora-all [bug 2216630] Created dhcp tracking bugs for this issue: Affects: fedora-all [bug 2216631]
Default value used unless specified in configuration is stale-answer-client-timeout off; Unless stale-answer-client-timeout 0; and stale-answer-enable on; is present somewhere in the configuration, the fix should not be needed. Recommended value is around 1800 (miliseconds).
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-2911