关键信息 CVE: CVE-2023-5679 Title: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution Affected Program: BIND 9 Affected Versions: - BIND: - 9.16.12 -> 9.16.45 - 9.18.0 -> 9.18.21 - 9.19.0 -> 9.19.19 - BIND Supported Preview Edition: - 9.16.12-S1 -> 9.16.45-S1 - 9.18.11-S1 -> 9.18.21-S1 Impact: An attacker can cause to crash with an assertion failure by querying a DNS64-enabled resolver for domain names triggering serve-stale. CVSS Score: 7.5 Workarounds: - Disable serve-stale: and - Disable DNS64 Active Exploits: No active exploits are known. Solution: Upgrade to the patched release. - 9.16.48 - 9.18.24 - 9.19.21 - BIND Supported Preview Edition: - 9.16.48-S1 - 9.18.24-S1