Tracked as CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911, these high-severity issues could be exploited to exhaust the available memory, or could cause named – BIND’s daemon that functions both as a recursive resolver and as an authoritative name server – to crash.
CVE-2023-2828, ISC explains in an advisory, impacts a named function responsible for cleaning the memory cache to prevent it from reaching the maximum allowed value (the default is 90% of the total amount of memory available on the host).
“It has been discovered that the effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order,” ISC notes.
