Wind River Support Network

HomeDefectsLIN1022-4613
Fixed

LIN1022-4613 : Security Advisory - bind - CVE-2023-2911

Created: Jun 24, 2023    Updated: Aug 7, 2023
Resolved Date: Jul 29, 2023
Found In Version: 10.22.33.1
Fix Version: 10.22.33.10(hot fix)
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.
This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

CREATE(Triage):(User=admin) CVE-2023-2911 (https://nvd.nist.gov/vuln/detail/CVE-2023-2911)

CVEs


Live chat
Online