AZL-34354

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34354.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-34354
Upstream
Published
2024-02-13T14:15:45Z
Modified
2026-04-01T05:11:26.740548Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
CVE-2023-5517 affecting package bind for versions less than 9.16.48-1
Details

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when:

  • nxdomain-redirect <domain>; is configured, and
  • the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
References

Affected packages

Azure Linux:2 / bind

Package

Name
bind
Purl
pkg:rpm/azure-linux/bind

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.16.48-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34354.json"