The DNS software suite BIND, developed by the Internet Systems Consortium (ISC), has recently received patches for three denial-of-service (DoS) vulnerabilities. These vulnerabilities, identified as CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, pose a significant risk as they can be exploited remotely.
They have the potential to either deplete the available memory or crash the named daemon, which serves as both a recursive resolver and an authoritative name server within BIND. CVE-2023-2828, specifically highlighted in ISC’s advisory, affects a named function responsible for the memory cache cleanup, preventing it from surpassing the maximum allowed value (by default, 90% of the total available memory on the host).
Read More: Remotely Exploitable DoS Vulnerabilities Patched in BIND
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.