Описание
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
An assertion check flaw was found in BIND, with a refactoration of recursive client code that introduced a "backstop lifetime timer." While BIND processes a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. As a result of this timeout, the resume_dslookup() function is called, which does not test whether the fetch has shut down previously. This issue triggers an assertion failure, which could cause the BIND process to terminate.
Отчет
This flaw only affects BIND-9.18.0, whereas Red Hat ships BIND-9.16 and lower versions. Therefore, versions of BIND shipped with Red Hat Products are not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | bind | Not affected | ||
| Red Hat Enterprise Linux 7 | bind | Not affected | ||
| Red Hat Enterprise Linux 8 | bind | Not affected | ||
| Red Hat Enterprise Linux 8 | bind9.16 | Not affected | ||
| Red Hat Enterprise Linux 9 | bind | Not affected | ||
| Red Hat Enterprise Linux 9 | dhcp | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
When the vulnerability is triggered the BIND process will exit. BIND 9 ...
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
Уязвимость сервера DNS BIND, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3