2264285 – (CVE-2023-5680) CVE-2023-5680 bind9: Cleaning an ECS-enabled cache may cause excessive CPU load

Bug 2264285 (CVE-2023-5680) - CVE-2023-5680 bind9: Cleaning an ECS-enabled cache may cause excessive CPU load

Summary: CVE-2023-5680 bind9: Cleaning an ECS-enabled cache may cause excessive CPU load

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-5680
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2264286 2264287 2264288 2264289
Blocks:	2263895
TreeView+	depends on / blocked

Reported:	2024-02-14 22:12 UTC by Marco Benatto
Modified:	2024-03-29 01:11 UTC (History)
CC List:	0 users
Fixed In Version:	bind 9.16.48-S1, bind 9.18.24-S1
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the bind9 package. This issue may allow an attacker to substantially decrease `named` performance by sending a specific set of queries, forcing the same name to have a large number of ECS records stored. In the worst case scenario, `named` can become unresponsive, leading to a Denial of Service.
Clone Of:
Environment:
Last Closed:	2024-02-15 17:45:32 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marco Benatto 2024-02-14 22:12:40 UTC

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.

Comment 1 Marco Benatto 2024-02-14 22:13:13 UTC

Created bind tracking bugs for this issue:

Affects: fedora-all [bug 2264286]


Created dhcp tracking bugs for this issue:

Affects: fedora-all [bug 2264289]


Created dnsmasq tracking bugs for this issue:

Affects: fedora-all [bug 2264288]


Created unbound tracking bugs for this issue:

Affects: fedora-all [bug 2264287]

Note You need to log in before you can comment on or make changes to this bug.