Bug 2239621 (CVE-2023-3341) - CVE-2023-3341 bind: stack exhaustion in control channel code may lead to DoS
Summary: CVE-2023-3341 bind: stack exhaustion in control channel code may lead to DoS
Keywords:
Status: NEW
Alias: CVE-2023-3341
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2239874 2239875
Blocks: 2239616
TreeView+ depends on / blocked
 
Reported: 2023-09-19 12:37 UTC by Marian Rehak
Modified: 2025-01-06 13:32 UTC (History)
4 users (show)

Fixed In Version: bind 9.16.44, bind 9.18.19, bind 9.19.17, bind 9.16.44-S1, bind 9.18.19-S1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:5492 0 None None None 2023-10-05 23:24:10 UTC
Red Hat Product Errata RHBA-2023:5493 0 None None None 2023-10-05 23:24:00 UTC
Red Hat Product Errata RHBA-2023:5494 0 None None None 2023-10-05 23:24:26 UTC
Red Hat Product Errata RHBA-2023:5507 0 None None None 2023-10-09 01:14:39 UTC
Red Hat Product Errata RHBA-2023:5509 0 None None None 2023-10-09 01:16:19 UTC
Red Hat Product Errata RHBA-2023:5544 0 None None None 2023-10-09 15:55:11 UTC
Red Hat Product Errata RHBA-2023:5566 0 None None None 2023-10-10 10:02:59 UTC
Red Hat Product Errata RHBA-2023:5718 0 None None None 2023-10-16 11:10:30 UTC
Red Hat Product Errata RHBA-2023:5772 0 None None None 2023-10-17 09:26:28 UTC
Red Hat Product Errata RHBA-2023:5773 0 None None None 2023-10-17 09:25:26 UTC
Red Hat Product Errata RHSA-2023:5460 0 None None None 2023-10-05 13:06:39 UTC
Red Hat Product Errata RHSA-2023:5473 0 None None None 2023-10-05 14:28:14 UTC
Red Hat Product Errata RHSA-2023:5474 0 None None None 2023-10-05 14:32:28 UTC
Red Hat Product Errata RHSA-2023:5526 0 None None None 2023-10-09 09:44:58 UTC
Red Hat Product Errata RHSA-2023:5527 0 None None None 2023-10-09 10:03:45 UTC
Red Hat Product Errata RHSA-2023:5529 0 None None None 2023-10-09 10:03:53 UTC
Red Hat Product Errata RHSA-2023:5689 0 None None None 2023-10-12 14:54:38 UTC
Red Hat Product Errata RHSA-2023:5690 0 None None None 2023-10-12 14:55:10 UTC
Red Hat Product Errata RHSA-2023:5691 0 None None None 2023-10-12 14:57:47 UTC
Red Hat Product Errata RHSA-2023:5771 0 None None None 2023-10-17 09:27:34 UTC
Red Hat Product Errata RHSA-2025:0039 0 None None None 2025-01-06 13:32:24 UTC

Description Marian Rehak 2023-09-19 12:37:38 UTC 
The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly.
Comment 2 Marian Rehak 2023-09-20 15:16:12 UTC 
Public via https://kb.isc.org/docs/cve-2023-3341
Comment 3 Marian Rehak 2023-09-20 15:17:05 UTC 
Created bind tracking bugs for this issue:

Affects: fedora-37 [bug 2239874]
Affects: fedora-38 [bug 2239875]
Comment 6 errata-xmlrpc 2023-10-05 13:06:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5460 https://access.redhat.com/errata/RHSA-2023:5460
Comment 7 errata-xmlrpc 2023-10-05 14:28:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5473 https://access.redhat.com/errata/RHSA-2023:5473
Comment 8 errata-xmlrpc 2023-10-05 14:32:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5474 https://access.redhat.com/errata/RHSA-2023:5474
Comment 9 errata-xmlrpc 2023-10-09 09:44:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5526 https://access.redhat.com/errata/RHSA-2023:5526
Comment 10 errata-xmlrpc 2023-10-09 10:03:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5527 https://access.redhat.com/errata/RHSA-2023:5527
Comment 11 errata-xmlrpc 2023-10-09 10:03:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5529 https://access.redhat.com/errata/RHSA-2023:5529
Comment 12 errata-xmlrpc 2023-10-12 14:54:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5689 https://access.redhat.com/errata/RHSA-2023:5689
Comment 13 errata-xmlrpc 2023-10-12 14:55:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5690 https://access.redhat.com/errata/RHSA-2023:5690
Comment 14 errata-xmlrpc 2023-10-12 14:57:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:5691 https://access.redhat.com/errata/RHSA-2023:5691
Comment 16 errata-xmlrpc 2023-10-17 09:27:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5771 https://access.redhat.com/errata/RHSA-2023:5771
Comment 18 errata-xmlrpc 2025-01-06 13:32:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION

Via RHSA-2025:0039 https://access.redhat.com/errata/RHSA-2025:0039
Note You need to log in before you can comment on or make changes to this bug.