CVE-2023-5679

CVE-2023-5679

Name

CVE-2023-5679

Description

A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vendor-advisory	https://kb.isc.org/docs/cve-2023-5679
security-officer@isc.org	http://www.openwall.com/lists/oss-security/2024/02/13/1
security-officer@isc.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
security-officer@isc.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
security-officer@isc.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
security-officer@isc.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
security-officer@isc.org	https://security.netapp.com/advisory/ntap-20240426-0002/

Type

URI

vendor-advisory

https://kb.isc.org/docs/cve-2023-5679

security-officer@isc.org

http://www.openwall.com/lists/oss-security/2024/02/13/1

security-officer@isc.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/

security-officer@isc.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/

security-officer@isc.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/

security-officer@isc.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

security-officer@isc.org

https://security.netapp.com/advisory/ntap-20240426-0002/

Match rules

CPE URI	Source package	Min version	Max version
	bind-9	>= 9.16.12	<= 9.16.45
	bind-9	>= 9.18.0	<= 9.18.21
	bind-9	>= 9.19.0	<= 9.19.19
	bind-9	>= 9.16.12-S1	<= 9.16.45-S1
	bind-9	>= 9.18.11-S1	<= 9.18.21-S1
`cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::`	active_iq_unified_manager	== None	== -
`cpe:2.3:o:fedoraproject:fedora:38:::::::*`	fedora	== None	== 38
`cpe:2.3:o:fedoraproject:fedora:39:::::::*`	fedora	== None	== 39

CPE URI

Source package

Min version

Max version

bind-9

>= 9.16.12

<= 9.16.45

bind-9

>= 9.18.0

<= 9.18.21

bind-9

>= 9.19.0

<= 9.19.19

bind-9

>= 9.16.12-S1

<= 9.16.45-S1

bind-9

>= 9.18.11-S1

<= 9.18.21-S1

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

active_iq_unified_manager

== None

== -

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

fedora

== None

== 38

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

fedora

== None

== 39

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
bind	edge-main	9.18.24-r0	Mike Crute <mike@crute.us>	fixed
bind	3.22-main	9.18.24-r0	None	fixed
bind	3.21-main	9.18.24-r0	None	fixed
bind	3.20-main	9.18.24-r0	None	fixed
bind	3.19-main	9.18.24-r0	None	fixed
bind	3.18-main	9.18.24-r0	Mike Crute <mike@crute.us>	fixed
bind	3.17-main	9.18.24-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

bind

edge-main

9.18.24-r0

Mike Crute <mike@crute.us>

fixed

bind

3.22-main