ISC BIND 9.18.0 < 9.18.19 / 9.18.11-S1 < 9.18.19-S1 Assertion Failure (cve-2023-4236)

high Nessus Plugin ID 181671


The remote name server is affected by an assertion failure vulnerability vulnerability.


The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-4236 advisory.

- A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.A named instance vulnerable to this flaw may terminate unexpectedly when subjected to significant DNS-over-TLS query load. This flaw does not affect DNS-over-HTTPS code, as that uses a different TLS implementation. (CVE-2023-4236)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Upgrade to ISC BIND version 9.18.19 / 9.18.19-S1 or later.

See Also

Plugin Details

Severity: High

ID: 181671

File Name: bind9_91819_s1_cve-2023-4236.nasl

Version: 1.3

Type: remote

Family: DNS

Published: 9/20/2023

Updated: 9/29/2023

Configuration: Enable paranoid mode

Risk Information


Risk Factor: Medium

Score: 4.4


Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-4236


Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:isc:bind

Required KB Items: bind/version, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 9/20/2023

Vulnerability Publication Date: 9/20/2023

Reference Information

CVE: CVE-2023-4236

IAVA: 2023-A-0500