CVE-2023-5680
5.3 MEDIUM (CVSS 3.1)
EPSS 0.10%
Description
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
How to fix CVE-2023-5680
To remediate CVE-2023-5680, upgrade the affected package to a fixed version below.
- Alpine/bind: upgrade to 9.16.48-r0 or later
Is CVE-2023-5680 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Alpine/bind: from 0, < 9.16.48-r0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |