CVE-2023-2828

CVSS Score of 10 (low)

Details

Published Jun 21, 2023
Updated: Jul 21, 2023
CWE ID 770

Summary

CVE-2023-2828 is a vulnerability that affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, and 9.19.0 through 9.19.13, as well as other related products, identified by the affected_products list provided in the source text (of2I9S, of2I9T, of2I9Q, etc.). The vulnerability allows an attacker to exceed the configured cache size limit by querying the resolver for specific RRsets in a certain order, impacting the effectiveness of the cache-cleaning algorithm used in named instances configured to run as a recursive resolver. The potential danger this vulnerability poses to an organization is rated as HIGH with a base score of 7.5 according to CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H metrics provided by [email protected] rating source. Remediation for this vulnerability would involve updating BIND to a patched version that fixes the cache-cleaning algorithm issue and applying any necessary configuration changes recommended by the vendor or security advisories. Note: Additional information can be included from other sources to provide a more comprehensive report, but it should adhere to the guidelines of factual reporting and non-biased summarization.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-2828 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options