{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5517", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2023-10-11T07:02:42.359Z", "datePublished": "2024-02-13T14:04:54.389Z", "dateUpdated": "2025-02-13T17:25:39.556Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2024-05-03T13:06:16.924Z"}, "title": "Querying RFC 1918 reverse zones may cause an assertion failure when \"nxdomain-redirect\" is enabled", "datePublic": "2024-02-13T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"version": "9.12.0", "lessThanOrEqual": "9.16.45", "status": "affected", "versionType": "custom"}, {"version": "9.18.0", "lessThanOrEqual": "9.18.21", "status": "affected", "versionType": "custom"}, {"version": "9.19.0", "lessThanOrEqual": "9.19.19", "status": "affected", "versionType": "custom"}, {"version": "9.16.8-S1", "lessThanOrEqual": "9.16.45-S1", "status": "affected", "versionType": "custom"}, {"version": "9.18.11-S1", "lessThanOrEqual": "9.18.21-S1", "status": "affected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n  - `nxdomain-redirect <domain>;` is configured, and\n  - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."}], "impacts": [{"descriptions": [{"lang": "en", "value": "If both of the above conditions are met, a single suitable query will cause `named` to crash."}]}], "workarounds": [{"lang": "en", "value": "Disabling the `nxdomain-redirect` feature makes the faulty code path impossible to reach, preventing this flaw from being exploitable."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1."}], "references": [{"url": "https://kb.isc.org/docs/cve-2023-5517", "name": "CVE-2023-5517", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"}, {"url": "https://security.netapp.com/advisory/ntap-20240503-0006/"}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.936Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.isc.org/docs/cve-2023-5517", "name": "CVE-2023-5517", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240503-0006/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-617", "lang": "en", "description": "CWE-617 Reachable Assertion"}]}], "affected": [{"vendor": "isc", "product": "bind_9", "cpes": ["cpe:2.3:a:isc:bind_9:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.12.0", "status": "affected", "lessThanOrEqual": "9.16.45", "versionType": "custom"}, {"version": "9.18.0", "status": "affected", "lessThanOrEqual": "9.18.21", "versionType": "custom"}, {"version": "9.19.0", "status": "affected", "lessThanOrEqual": "9.19.19", "versionType": "custom"}, {"version": "9.16.8-S1", "status": "affected", "lessThanOrEqual": "9.16.45-S1", "versionType": "custom"}, {"version": "9.18.11-S1", "status": "affected", "lessThanOrEqual": "9.18.21-S1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-22T13:32:01.260266Z", "id": "CVE-2023-5517", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T13:56:51.119Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.isc.org/docs/cve-2023-5517", "name": "CVE-2023-5517", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240503-0006/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.936Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5517", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-22T13:32:01.260266Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:isc:bind_9:*:*:*:*:*:*:*:*"], "vendor": "isc", "product": "bind_9", "versions": [{"status": "affected", "version": "9.12.0", "versionType": "custom", "lessThanOrEqual": "9.16.45"}, {"status": "affected", "version": "9.18.0", "versionType": "custom", "lessThanOrEqual": "9.18.21"}, {"status": "affected", "version": "9.19.0", "versionType": "custom", "lessThanOrEqual": "9.19.19"}, {"status": "affected", "version": "9.16.8-S1", "versionType": "custom", "lessThanOrEqual": "9.16.45-S1"}, {"status": "affected", "version": "9.18.11-S1", "versionType": "custom", "lessThanOrEqual": "9.18.21-S1"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T13:56:45.647Z"}}], "cna": {"title": "Querying RFC 1918 reverse zones may cause an assertion failure when \"nxdomain-redirect\" is enabled", "source": {"discovery": "EXTERNAL"}, "impacts": [{"descriptions": [{"lang": "en", "value": "If both of the above conditions are met, a single suitable query will cause `named` to crash."}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"status": "affected", "version": "9.12.0", "versionType": "custom", "lessThanOrEqual": "9.16.45"}, {"status": "affected", "version": "9.18.0", "versionType": "custom", "lessThanOrEqual": "9.18.21"}, {"status": "affected", "version": "9.19.0", "versionType": "custom", "lessThanOrEqual": "9.19.19"}, {"status": "affected", "version": "9.16.8-S1", "versionType": "custom", "lessThanOrEqual": "9.16.45-S1"}, {"status": "affected", "version": "9.18.11-S1", "versionType": "custom", "lessThanOrEqual": "9.18.21-S1"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1."}], "datePublic": "2024-02-13T00:00:00.000Z", "references": [{"url": "https://kb.isc.org/docs/cve-2023-5517", "name": "CVE-2023-5517", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"}, {"url": "https://security.netapp.com/advisory/ntap-20240503-0006/"}], "workarounds": [{"lang": "en", "value": "Disabling the `nxdomain-redirect` feature makes the faulty code path impossible to reach, preventing this flaw from being exploitable."}], "descriptions": [{"lang": "en", "value": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n  - `nxdomain-redirect <domain>;` is configured, and\n  - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2024-05-03T13:06:16.924Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5517", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:25:39.556Z", "dateReserved": "2023-10-11T07:02:42.359Z", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "datePublished": "2024-02-13T14:04:54.389Z", "assignerShortName": "isc"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "D4DCB2AB-E5FC-419F-B928-293EA038E376", "versionEndIncluding": "9.16.45", "versionStartIncluding": "9.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "A1F6FD2C-94DA-4D48-BC8F-D1B118BC9629", "versionEndIncluding": "9.18.21", "versionStartIncluding": "9.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "6D929353-790C-47DA-BB73-D94D403FA14D", "versionEndIncluding": "9.19.19", "versionStartIncluding": "9.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "288EAD80-574B-4839-9C2C-81D6D088A733", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "3595F024-F910-4356-8B5B-D478960FF574", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.12:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "1B20F152-D0C3-4F07-83B3-5EA6B116F005", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.13:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "94661BA2-27F8-4FFE-B844-9404F735579D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.14:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "53593603-E2AF-4925-A6E6-109F097A0FF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.21:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "751E37C2-8BFD-4306-95C1-8C01CE495FA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.32:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "CC432820-F1A2-4132-A673-2620119553C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.36:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "F70347F2-6750-4497-B8F4-2036F4F4443A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.43:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "A4B53B73-DB81-4AC1-A4E6-89BB305D6514", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.16.45:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "EC7357C9-AD62-4B7E-B013-780108BA562E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "16A7E0D1-35A1-4899-9FF2-14279C137C14", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.18.18:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "0233AEF2-9911-48AE-AE97-F217E3337AAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.18.21:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "DFE3AE03-DBB5-4891-8EF2-BF30AA6F66FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n  - `nxdomain-redirect <domain>;` is configured, and\n  - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."}, {"lang": "es", "value": "Una falla en el c\u00f3digo de manejo de consultas puede causar que `named` se cierre prematuramente con un error de aserci\u00f3n cuando: - `nxdomain-redirect ;` est\u00e1 configurado, y - el solucionador recibe una consulta PTR para una direcci\u00f3n RFC 1918 que normalmente dar como resultado una respuesta NXDOMAIN autorizada. Este problema afecta a las versiones de BIND 9, 9.12.0 a 9.16.45, 9.18.0 a 9.18.21, 9.19.0 a 9.19.19, 9.16.8-S1 a 9.16.45-S1 y 9.18.11-S1 a 9.18. .21-S1."}], "id": "CVE-2023-5517", "lastModified": "2024-11-21T08:41:55.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2024-02-13T14:15:45.510", "references": [{"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"}, {"source": "security-officer@isc.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2023-5517"}, {"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"}, {"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"}, {"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"}, {"source": "security-officer@isc.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240503-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2023-5517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240503-0006/"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-617"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1781", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "bind9.16-32:9.16.23-0.16.el8_9.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-04-11T00:00:00Z"}, {"advisory": "RHSA-2024:1647", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "bind9.16-32:9.16.23-0.7.el8_6.5", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-04-02T00:00:00Z"}, {"advisory": "RHSA-2024:1648", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "bind9.16-32:9.16.23-0.14.el8_8.4", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-04-02T00:00:00Z"}, {"advisory": "RHSA-2024:1789", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind-32:9.16.23-14.el9_3.4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-11T00:00:00Z"}, {"advisory": "RHSA-2024:1789", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind-dyndb-ldap-0:11.9-8.el9_3.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-11T00:00:00Z"}, {"advisory": "RHSA-2024:2551", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind-32:9.16.23-18.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2551", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "bind-dyndb-ldap-0:11.9-9.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:1800", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "bind-32:9.16.23-1.el9_0.5", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1800", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "bind-dyndb-ldap-0:11.9-7.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1803", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "bind-32:9.16.23-11.el9_2.4", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-04-15T00:00:00Z"}, {"advisory": "RHSA-2024:1803", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "bind-dyndb-ldap-0:11.9-8.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-04-15T00:00:00Z"}], "bugzilla": {"description": "bind9: Querying RFC 1918 reverse zones may cause an assertion failure when \u201cnxdomain-redirect\u201d is enabled", "id": "2263897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263897"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-617", "details": ["A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n- `nxdomain-redirect <domain>;` is configured, and\n- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.", "A flaw was found in the bind package which may result in a Denial of Service in `named` process. This is a result of a reachable assertion, leading `named` to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR query, used for a reverse DNS lookup, for a RFC 1918 address that would normally result in an authoritative `NXDOMAIN` response. A single query matching both conditions can lead to a Denial of Service in the named application."], "mitigation": {"lang": "en:us", "value": "To prevent this vulnerability, ensure the `nxdomain-redirect` directive is not present in the `/etc/named.conf` file. Disabling the nxdomain-redirect feature makes the faulty code path impossible to reach, preventing this flaw from being exploitable."}, "name": "CVE-2023-5517", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5517\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5517\nhttps://kb.isc.org/docs/cve-2023-5517"], "statement": "The vulnerability in the bind package represents a important severity issue due to its potential to cause a Denial of Service (DoS) in the named DNS server. This flaw arises from a reachable assertion that triggers a premature termination of the named process when specific conditions are met: a domain configured with nxdomain-redirect and a PTR query for an RFC 1918 address. This scenario can lead to a complete failure of the DNS resolution service, disrupting network operations and availability. Given that DNS services are fundamental for network communication and resource accessibility, such an exploit could result in significant service outages, impacting both internal and external systems reliant on the affected DNS server.", "threat_severity": "Important"}