Security Advisory

BIND DNS Vulnerability Security Update Advisory (CVE-2023-50387)

Feb 23 2024

Overview

The Internet Systems Consortium (ISC) has released a security update that fixes vulnerabilities in products supplied by BIND DNS. Users of affected systems are advised to update to the latest version.

Affected Products

BIND 9 version 9.16.x
BIND 9 9.18.x versions
BIND 9 9.19.x Versions

Resolved Vulnerabilities

CPU resource consumption due to infinite loop entry during DNSSEC signature verification (CVE-2023-50387)

Vulnerability Patches

Product-specific vulnerability patches were made available in the February 13, 2024 update. please update to the latest vulnerability patch version according to the reference site.

BIND 9 version 9.16.48
BIND 9 version 9.18.24
BIND 9 version 9.19.21

Referenced Sites

[1] CVE-2023-50387: KeyTrap – Extreme CPU consumption in DNSSEC validator
https://kb.isc.org/v1/docs/CVE-2023-50387
[2] CVE-2023-50387 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-50387
[3] Download ISC’s open source software
https://www.isc.org/download

Previous Post

Cisco Product Security Update Advisory (CVE-2020-3259)

Next Post

GitLab CE/EE Product Security Update Advisory