Reachable Assertion Affecting bind-chroot package, versions *


Severity

Recommended
0.0
high
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
1.23% (65th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS10-BINDCHROOT-11367928
  • published2 Aug 2025
  • disclosed1 Jan 2023

Introduced: 1 Jan 2023

CVE-2023-5517  (opens in a new tab)
CWE-617  (opens in a new tab)

How to fix?

There is no fixed version for Centos:10 bind-chroot.

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-chroot package and not the bind-chroot package as distributed by Centos. See How to fix? for Centos:10 relevant fixed versions and status.

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when:

  • nxdomain-redirect <domain>; is configured, and
  • the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

CVSS Base Scores

version 3.1