PatchSiren cyber security CVE debrief
CVE-2023-6516 ISC CVE debrief
CVE-2023-6516 is a HIGH severity vulnerability (CVSS 7.5) affecting BIND 9 recursive resolvers, specifically versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1. The vulnerability stems from an asynchronous cache cleanup mechanism in the `named` daemon that can be overwhelmed by specific query patterns, causing an unbounded growth of queued cleanup events and allowing memory consumption to exceed configured `max-cache-size` limits. This results in a denial-of-service condition through memory exhaustion. The vulnerability was published on November 12, 2024, and affects Siemens SINEC INS, which incorporates the vulnerable BIND 9 components. Siemens has released a vendor fix in V1.0 SP2 Update 3 or later versions.
- Vendor: ISC
- Product: SINEC INS
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-12
- Original CVE updated: 2024-11-12
- Advisory published: 2024-11-12
- Advisory updated: 2024-11-12
Who should care
Organizations operating Siemens SINEC INS deployments, DNS infrastructure administrators managing BIND 9 recursive resolvers, industrial control system operators with integrated DNS services, and security teams responsible for the availability of critical network infrastructure services.
Technical summary
The vulnerability exists in BIND 9's asynchronous cache database maintenance mechanism. When `named` operates as a recursive resolver, it periodically cleans its cache database using multiple methods, including asynchronous cleanup where memory chunks pointing to cache elements are allocated and queued for deferred processing. Under continuous query patterns that trigger this maintenance, the cleanup event queue grows without bound because `named` cannot process events quickly enough. This bypasses the `max-cache-size` configuration limit, leading to uncontrolled memory growth and eventual denial of service. The attack requires network access to the resolver but no authentication, with low complexity for exploitation.
Defensive priority
HIGH
Recommended defensive actions
- Apply Siemens SINEC INS update to V1.0 SP2 Update 3 or later version as specified in vendor security advisory
- Monitor recursive resolver memory utilization for unexpected growth beyond configured max-cache-size limits
- Implement network segmentation to limit exposure of DNS resolver infrastructure to untrusted query sources
- Review DNS query patterns for anomalous traffic that may trigger excessive cache maintenance operations
- Consider implementing rate limiting on DNS queries to reduce potential for resource exhaustion attacks
- Establish alerting for abnormal memory consumption in BIND 9 recursive resolver deployments
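One way to implement the memory monitoring and alerting actions above, as an added example that is not part of the advisory or of BIND itself. It reads the configured `max-cache-size`, then flags sustained, non-shrinking growth of the `named` resident set size above that limit. The function names, the 25% headroom (process RSS also covers non-cache memory), the three-sample window, the single-view configuration and the sample data are all assumptions.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def parse_max_cache_size(conf_text, total_ram):
    """Return the max-cache-size limit in bytes, or None when unlimited."""
    m = re.search(r"^\s*max-cache-size\s+([^;\s]+)\s*;", conf_text, re.M)
    value = m.group(1).lower() if m else "default"
    if value in ("unlimited", "0"):
        return None
    if value == "default":            # BIND 9 default: 90% of physical memory
        return total_ram * 90 // 100
    if value.endswith("%"):
        return total_ram * int(value[:-1]) // 100
    size = re.fullmatch(r"(\d+)([kmg]?)", value)
    if not size:
        raise ValueError(f"unrecognised max-cache-size value: {value}")
    return int(size.group(1)) * UNITS[size.group(2)]

def rss_from_status(status_text):
    """Extract resident set size in bytes from /proc/<pid>/status content."""
    m = re.search(r"^VmRSS:\s+(\d+)\s+kB", status_text, re.M)
    return int(m.group(1)) * 1024 if m else None

def check_growth(samples, limit, headroom=0.25, sustain=3):
    """samples: [(epoch_seconds, rss_bytes)]. Alert when RSS stays above
    limit*(1+headroom) without shrinking for `sustain` consecutive samples."""
    if limit is None:
        return None
    threshold, run = limit * (1 + headroom), []
    for ts, rss in samples:
        if rss <= threshold:
            run = []                  # back under the threshold: reset
        elif run and rss < run[-1][1]:
            run = [(ts, rss)]         # memory was released: restart the window
        else:
            run.append((ts, rss))
        if len(run) >= sustain:
            rate = (rss - run[0][1]) / max(ts - run[0][0], 1)
            return {"since": run[0][0], "rss": rss, "limit": limit,
                    "bytes_per_sec": rate}
    return None

if __name__ == "__main__":
    MiB = 1024**2
    conf = "options {\n    recursion yes;\n    max-cache-size 512m;\n};\n"  # constructed
    limit = parse_max_cache_size(conf, total_ram=8 * 1024**3)
    samples = [(0, 400*MiB), (60, 700*MiB), (120, 760*MiB), (180, 900*MiB)]  # constructed
    print(check_growth(samples, limit))
```

In production the samples would come from periodically reading `/proc/<pid>/status` for the `named` process through `rss_from_status`.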
Evidence notes
The vulnerability description is sourced from CISA CSAF advisory ICSA-24-319-08, which references Siemens security advisory SSA-915275. The affected product is Siemens SINEC INS, with remediation available through vendor update. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates network attack vector with low complexity, no privileges required, and high availability impact.
Official resources
- CVE-2023-6516 CVE record (CVE.org)
- CVE-2023-6516 NVD detail (NVD)
- Source item URL (cisa_csaf)