CVE-2023-5680: Cleaning an ECS-enabled cache may cause excessive CPU load
First published: Tue Feb 13 2024(Updated: )
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Credit: security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC BIND 9 | =9.11.3-s1 | |
| ISC BIND 9 | =9.11.3-s4 | |
| ISC BIND 9 | =9.11.4-s1 | |
| ISC BIND 9 | =9.11.5-s3 | |
| ISC BIND 9 | =9.11.5-s5 | |
| ISC BIND 9 | =9.11.5-s6 | |
| ISC BIND 9 | =9.11.6-s1 | |
| ISC BIND 9 | =9.11.7-s1 | |
| ISC BIND 9 | =9.11.8-s1 | |
| ISC BIND 9 | =9.11.12-s1 | |
| ISC BIND 9 | =9.11.21-s1 | |
| ISC BIND 9 | =9.11.27-s1 | |
| ISC BIND 9 | =9.11.29-s1 | |
| ISC BIND 9 | =9.11.35-s1 | |
| ISC BIND 9 | =9.11.37-s1 | |
| ISC BIND 9 | =9.16.8-s1 | |
| ISC BIND 9 | =9.16.11-s1 | |
| ISC BIND 9 | =9.16.12-s1 | |
| ISC BIND 9 | =9.16.13-s1 | |
| ISC BIND 9 | =9.16.14-s1 | |
| ISC BIND 9 | =9.16.21-s1 | |
| ISC BIND 9 | =9.16.32-s1 | |
| ISC BIND 9 | =9.16.36-s1 | |
| ISC BIND 9 | =9.16.43-s1 | |
| ISC BIND 9 | =9.18.11-s1 | |
| ISC BIND 9 | =9.18.18-s1 | |
| ISC BIND 9 | =9.18.21-s1 | |
| NetApp Active IQ Unified Manager for VMware vSphere |
Remedy
Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48-S1 or 9.18.24-S1.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-5680?
CVE-2023-5680 has been classified with a moderate severity level due to its impact on query performance in BIND 9.
How do I fix CVE-2023-5680?
To resolve CVE-2023-5680, you should update BIND 9 to the latest patched version that addresses this vulnerability.
Which versions of BIND 9 are affected by CVE-2023-5680?
CVE-2023-5680 affects BIND 9 versions from 9.11.3-S1 to 9.11.37-S1 and from 9.16.8-S1 to 9.16.45-S1.
What are the symptoms of CVE-2023-5680?
The primary symptom of CVE-2023-5680 is noticeably impaired query performance when cleaning a resolver cache with many ECS records.
Is CVE-2023-5680 exploitable remotely?
CVE-2023-5680 is not considered directly exploitable in the traditional sense, but it can significantly affect service performance.
- agent/author
- agent/remedy
- agent/title
- agent/severity
- agent/type
- agent/description
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/isc
- canonical/isc bind 9
- version/isc bind 9/9.11.3-s1
- version/isc bind 9/9.11.3-s4
- version/isc bind 9/9.11.4-s1
- version/isc bind 9/9.11.5-s3
- version/isc bind 9/9.11.5-s5
- version/isc bind 9/9.11.5-s6
- version/isc bind 9/9.11.6-s1
- version/isc bind 9/9.11.7-s1
- version/isc bind 9/9.11.8-s1
- version/isc bind 9/9.11.12-s1
- version/isc bind 9/9.11.21-s1
- version/isc bind 9/9.11.27-s1
- version/isc bind 9/9.11.29-s1
- version/isc bind 9/9.11.35-s1
- version/isc bind 9/9.11.37-s1
- version/isc bind 9/9.16.8-s1
- version/isc bind 9/9.16.11-s1
- version/isc bind 9/9.16.12-s1
- version/isc bind 9/9.16.13-s1
- version/isc bind 9/9.16.14-s1
- version/isc bind 9/9.16.21-s1
- version/isc bind 9/9.16.32-s1
- version/isc bind 9/9.16.36-s1
- version/isc bind 9/9.16.43-s1
- version/isc bind 9/9.18.11-s1
- version/isc bind 9/9.18.18-s1
- version/isc bind 9/9.18.21-s1
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere