Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-4236

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.

Related bugs and status

CVE-2023-4236 (Candidate) is related to these bugs:

Bug #2037162: [Debian] High CVE: CVE-2023-3341/CVE-2023-4236 bind9: multiple CVEs

Summary				In	Importance	Status
	2037162	[Debian] High CVE: CVE-2023-3341/CVE-2023-4236 bind9: multiple CVEs		StarlingX	High	Fix Released

Bug #2040359: Merge bind9 from Debian unstable for noble

Summary				In	Importance	Status
	2040359	Merge bind9 from Debian unstable for noble		bind9 (Ubuntu)	Undecided	Fix Released
	2040359	Merge bind9 from Debian unstable for noble		bind-dyndb-ldap (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://kb.isc.org/doc...
MLIST: [oss-security] 2023092...
DEBIAN: DSA-5504
FEDORA: FEDORA-2023-a2621f58a9
FEDORA: FEDORA-2023-87502c4a93
CONFIRM: https://security.netap...
FEDORA: FEDORA-2023-b4acb0f7c6