CVE-2023-2828 Report - Details, Severity, & Advisories
Twingate Team
•
Jan 25, 2024
CVE-2023-2828 is a high-severity vulnerability affecting certain versions of BIND 9, a widely used Domain Name Server (DNS) software. This vulnerability allows the configured max-cache-size limit to be significantly exceeded, potentially leading to a denial-of-service condition. Systems running the affected versions of BIND 9 are at risk.
How do I know if I'm affected?
If you're using BIND 9, a popular Domain Name Server (DNS) software, you might be affected by the vulnerability. This issue can cause the configured max-cache-size limit to be significantly exceeded, potentially leading to a denial-of-service condition. To know if you're affected, check if you're using any of these versions:
BIND: 9.11.0 to 9.16.41, 9.18.0 to 9.18.15, 9.19.0 to 9.19.13
BIND Supported Preview Edition: 9.11.3-S1 to 9.16.41-S1, 9.18.11-S1 to 9.18.15-S1
Debian 10 buster: bind9 version 1:9.11.5.P4+dfsg-5.1+deb10u9 or earlier
Fedora 37 with bind-dyndb-ldap version 11.10-15.fc37
If you're using any of these versions, you may be at risk. It's important to stay informed and take necessary precautions to protect your system.
What should I do if I'm affected?
If you're affected by the vulnerability, it's important to upgrade your BIND 9 software to a patched release. For Debian 10 buster users, upgrade bind9 packages to version 1:9.11.5.P4+dfsg-5.1+deb10u9. Fedora 37 users should update the bind-dyndb-ldap package to version 11.10-15.fc37. Upgrading will help protect your system from potential denial-of-service attacks.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The vulnerability, also known as the BIND 9 Cache Size Limit Bypass Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue allows the configured max-cache-size limit to be significantly exceeded, potentially leading to a denial-of-service condition. To protect your system, it's important to update to a non-vulnerable version of BIND or apply the necessary patches provided by the vendor.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-770, which can cause the configured cache size limit to be significantly exceeded, potentially leading to a denial-of-service attack.
For more details
CVE-2023-2828 is a high-severity vulnerability affecting BIND 9, with potential consequences such as denial-of-service attacks. By understanding its impact, severity, technical details, and affected software configurations, users can take appropriate measures to protect their systems. For a comprehensive overview of this vulnerability, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-2828 Report - Details, Severity, & Advisories
Twingate Team
•
Jan 25, 2024
CVE-2023-2828 is a high-severity vulnerability affecting certain versions of BIND 9, a widely used Domain Name Server (DNS) software. This vulnerability allows the configured max-cache-size limit to be significantly exceeded, potentially leading to a denial-of-service condition. Systems running the affected versions of BIND 9 are at risk.
How do I know if I'm affected?
If you're using BIND 9, a popular Domain Name Server (DNS) software, you might be affected by the vulnerability. This issue can cause the configured max-cache-size limit to be significantly exceeded, potentially leading to a denial-of-service condition. To know if you're affected, check if you're using any of these versions:
BIND: 9.11.0 to 9.16.41, 9.18.0 to 9.18.15, 9.19.0 to 9.19.13
BIND Supported Preview Edition: 9.11.3-S1 to 9.16.41-S1, 9.18.11-S1 to 9.18.15-S1
Debian 10 buster: bind9 version 1:9.11.5.P4+dfsg-5.1+deb10u9 or earlier
Fedora 37 with bind-dyndb-ldap version 11.10-15.fc37
If you're using any of these versions, you may be at risk. It's important to stay informed and take necessary precautions to protect your system.
What should I do if I'm affected?
If you're affected by the vulnerability, it's important to upgrade your BIND 9 software to a patched release. For Debian 10 buster users, upgrade bind9 packages to version 1:9.11.5.P4+dfsg-5.1+deb10u9. Fedora 37 users should update the bind-dyndb-ldap package to version 11.10-15.fc37. Upgrading will help protect your system from potential denial-of-service attacks.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The vulnerability, also known as the BIND 9 Cache Size Limit Bypass Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue allows the configured max-cache-size limit to be significantly exceeded, potentially leading to a denial-of-service condition. To protect your system, it's important to update to a non-vulnerable version of BIND or apply the necessary patches provided by the vendor.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-770, which can cause the configured cache size limit to be significantly exceeded, potentially leading to a denial-of-service attack.
For more details
CVE-2023-2828 is a high-severity vulnerability affecting BIND 9, with potential consequences such as denial-of-service attacks. By understanding its impact, severity, technical details, and affected software configurations, users can take appropriate measures to protect their systems. For a comprehensive overview of this vulnerability, visit the NVD page or the links below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-2828 Report - Details, Severity, & Advisories
Twingate Team
•
Jan 25, 2024
CVE-2023-2828 is a high-severity vulnerability affecting certain versions of BIND 9, a widely used Domain Name Server (DNS) software. This vulnerability allows the configured max-cache-size limit to be significantly exceeded, potentially leading to a denial-of-service condition. Systems running the affected versions of BIND 9 are at risk.
How do I know if I'm affected?
If you're using BIND 9, a popular Domain Name Server (DNS) software, you might be affected by the vulnerability. This issue can cause the configured max-cache-size limit to be significantly exceeded, potentially leading to a denial-of-service condition. To know if you're affected, check if you're using any of these versions:
BIND: 9.11.0 to 9.16.41, 9.18.0 to 9.18.15, 9.19.0 to 9.19.13
BIND Supported Preview Edition: 9.11.3-S1 to 9.16.41-S1, 9.18.11-S1 to 9.18.15-S1
Debian 10 buster: bind9 version 1:9.11.5.P4+dfsg-5.1+deb10u9 or earlier
Fedora 37 with bind-dyndb-ldap version 11.10-15.fc37
If you're using any of these versions, you may be at risk. It's important to stay informed and take necessary precautions to protect your system.
What should I do if I'm affected?
If you're affected by the vulnerability, it's important to upgrade your BIND 9 software to a patched release. For Debian 10 buster users, upgrade bind9 packages to version 1:9.11.5.P4+dfsg-5.1+deb10u9. Fedora 37 users should update the bind-dyndb-ldap package to version 11.10-15.fc37. Upgrading will help protect your system from potential denial-of-service attacks.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The vulnerability, also known as the BIND 9 Cache Size Limit Bypass Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue allows the configured max-cache-size limit to be significantly exceeded, potentially leading to a denial-of-service condition. To protect your system, it's important to update to a non-vulnerable version of BIND or apply the necessary patches provided by the vendor.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-770, which can cause the configured cache size limit to be significantly exceeded, potentially leading to a denial-of-service attack.
For more details
CVE-2023-2828 is a high-severity vulnerability affecting BIND 9, with potential consequences such as denial-of-service attacks. By understanding its impact, severity, technical details, and affected software configurations, users can take appropriate measures to protect their systems. For a comprehensive overview of this vulnerability, visit the NVD page or the links below.
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions