CVE-2023-6516

moderate-risk

Published 2024-02-13

To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (12)

Bind

Active Iq Unified Manager

Affected Vendors

Isc Netapp

References (10)

Mailing List http://www.openwall.com/lists/oss-security/2024/02/13/1

Vendor Advisory https://kb.isc.org/docs/cve-2023-6516

Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Third Party Advisory https://security.netapp.com/advisory/ntap-20240503-0008/

Mailing List http://www.openwall.com/lists/oss-security/2024/02/13/1

Vendor Advisory https://kb.isc.org/docs/cve-2023-6516

Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Third Party Advisory https://security.netapp.com/advisory/ntap-20240503-0008/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 17/34 · Moderate