CVE-2023-4408

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Published: Feb 13, 2024
Updated: Nov 16, 2025
CVE: CVE-2023-4408
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-407

Affected Software
References

Software	From	Fixed in
netapp / ontap	9.14.1	9.14.1.x
netapp / ontap	9.15.1	9.15.1.x
fedoraproject / fedora	38	38.x
fedoraproject / fedora	39	39.x
isc / bind	9.9.3-s1	9.9.3-s1.x
isc / bind	9.16.8-s1	9.16.8-s1.x
isc / bind	9.16.11-s1	9.16.11-s1.x
isc / bind	9.16.13-s1	9.16.13-s1.x
isc / bind	9.16.21-s1	9.16.21-s1.x
isc / bind	9.16.32-s1	9.16.32-s1.x
isc / bind	9.16.14-s1	9.16.14-s1.x
isc / bind	9.16.36-s1	9.16.36-s1.x
isc / bind	9.16.12-s1	9.16.12-s1.x
isc / bind	9.16.43-s1	9.16.43-s1.x
isc / bind	9.18.18-s1	9.18.18-s1.x
isc / bind	9.18.0-s1	9.18.0-s1.x
isc / bind	9.18.11-s1	9.18.11-s1.x
isc / bind	9.19.0	9.19.19.x
isc / bind	9.18.0	9.18.21.x
isc / bind	9.0.0	9.16.45.x

Vulnerability Database

309,961

CVE-2023-4408

Deep Security Visibility Without the Complexity