Cyber Resilience

CVE-2023-2911

High

Published: 21 June 2023

Published
21 June 2023
Modified
21 November 2024
KEV Added
Patch
21 June 2023
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0013 32.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-2911 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Isc Bind. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects…

more

BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

isc
bind
9.16.33 — 9.16.41 · 9.16.33 — 9.16.41 · 9.18.7 — 9.18.15
debian
debian linux
11.0, 12.0
fedoraproject
fedora
37, 38
netapp
active iq unified manager
all versions
netapp
h700s firmware
all versions
netapp
h300s firmware
all versions
netapp
h410c firmware
all versions
netapp
h410s firmware
all versions
netapp
h500s firmware
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References