Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2023-5517

Disclosure Date: February 13, 2024
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when:

  • nxdomain-redirect <domain>; is configured, and
  • the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.
    This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • fedoraproject,
  • isc,
  • netapp

Products

  • active iq unified manager -,
  • bind,
  • bind 9.16.11,
  • bind 9.16.12,
  • bind 9.16.13,
  • bind 9.16.14,
  • bind 9.16.21,
  • bind 9.16.32,
  • bind 9.16.36,
  • bind 9.16.43,
  • bind 9.16.45,
  • bind 9.16.8,
  • bind 9.18.11,
  • bind 9.18.18,
  • bind 9.18.21,
  • fedora 38,
  • fedora 39
Technical Analysis