{"id":"AZL-34354","summary":"CVE-2023-5517 affecting package bind for versions less than 9.16.48-1","details":"A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n  - `nxdomain-redirect \u003cdomain\u003e;` is configured, and\n  - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.","modified":"2026-04-01T05:11:26.740548Z","published":"2024-02-13T14:15:45Z","upstream":["CVE-2023-5517"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5517"}],"affected":[{"package":{"name":"bind","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/bind"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.16.48-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34354.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}