CVE-2023-4408

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4408
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4408.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4408
Downstream
Related
Published
2024-02-13T14:15:45.253Z
Modified
2026-04-10T05:03:03.355638Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

References

Affected packages

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a372174145c07fca8c67397195b062e06d90f790
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fea4d53c605d921fe69a49eaf07b912f3cd0a316
Introduced
19d6c56085e97cf4ac559cdc27edd624127bcb32
Last affected
353fb4b9d32dba44574853568c749c6032a5554e
Introduced
8db45afa1affcb823e68afdeddedf93e136f5d3e
Last affected
cb6cff65a928fd38bf29060d7810fa3be0aa091e
Introduced
cab15392afd841fe3b0bacd894003376d857459a
Last affected
18a05caf55e019c7ddf491d7d78c51eebb993133
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1c59cea1c0e26e2da3f2afb90200bfe9f7748c03
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.14.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.15.1"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.16.45"
        },
        {
            "introduced": "9.18.0"
        },
        {
            "last_affected": "9.18.21"
        },
        {
            "introduced": "9.19.0"
        },
        {
            "last_affected": "9.19.19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.9.3-s1"
        }
    ]
}

Affected versions

v9.*
v9.10.0a1
v9.10.0a2
v9.10.0b1
v9.10.0b2
v9.10.0rc1
v9.11.0a1
v9.11.0a2
v9.11.0a3
v9.12.0a1
v9.12.0b1
v9.12.0b2
v9.12.0rc1
v9.13.0
v9.13.2
v9.13.3
v9.13.4
v9.13.5
v9.13.6
v9.13.7
v9.14.0rc1
v9.14.1
v9.15.0
v9.15.1
v9.15.2
v9.15.3
v9.15.4
v9.15.7
v9.15.8
v9.16.0
v9.16.45
v9.18.0
v9.18.21
v9.19.0
v9.19.19
v9.5.0a1
v9.5.0a2
v9.5.0a3
v9.5.0a4
v9.5.0a5
v9.5.0a6
v9.7.0a1
v9.9.0
v9.9.0rc3
v9.9.0rc4
v9.9.1
v9.9.2b1
v9.9.2rc1
v9.9.3b1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "39"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.8-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.11-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.12-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.13-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.14-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.21-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.32-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.36-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.16.43-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.18.0-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.18.11-s1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.18.18-s1"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4408.json"