CVE-2023-5680

Summary

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Affected Software

VendorProductVersion RangeStatus
ISCBIND 99.11.3-S1 <= 9.11.37-S1affected
ISCBIND 99.16.8-S1 <= 9.16.45-S1affected
ISCBIND 99.18.11-S1 <= 9.18.21-S1affected

Weaknesses

Workarounds

There is no workaround for this issue other than disabling the ECS feature entirely.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References