CVE-2023-2828

Summary

CVE-2023-2828 is a vulnerability that affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, and 9.19.0 through 9.19.13, as well as other related products, identified by the affected_products list provided in the source text (of2I9S, of2I9T, of2I9Q, etc.). The vulnerability allows an attacker to exceed the configured cache size limit by querying the resolver for specific RRsets in a certain order, impacting the effectiveness of the cache-cleaning algorithm used in named instances configured to run as a recursive resolver. The potential danger this vulnerability poses to an organization is rated as HIGH with a base score of 7.5 according to CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H metrics provided by [email protected] rating source. Remediation for this vulnerability would involve updating BIND to a patched version that fixes the cache-cleaning algorithm issue and applying any necessary configuration changes recommended by the vendor or security advisories. Note: Additional information can be included from other sources to provide a more comprehensive report, but it should adhere to the guidelines of factual reporting and non-biased summarization.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.