{"id":"AZL-34560","summary":"CVE-2023-4408 affecting package bind for versions less than 9.19.21-1","details":"The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.","modified":"2026-04-01T05:11:32.075429Z","published":"2024-02-13T14:15:45Z","upstream":["CVE-2023-4408"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4408"}],"affected":[{"package":{"name":"bind","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/bind"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.19.21-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34560.json"}}],"schema_version":"1.7.5"}