Описание
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
A flaw was found in the Bind package. When an HTTP connection was reused to request statistics from the stats channel, the content length of successive responses could grow in size past the end of the allocated buffer, affecting the availability.
Отчет
This flaw only affects versions BIND-9.18.0 and higher, whereas Red Hat ships BIND-9.16 and lower versions. Therefore, versions of BIND shipped with Red Hat Products are not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | bind | Not affected | ||
| Red Hat Enterprise Linux 7 | bind | Not affected | ||
| Red Hat Enterprise Linux 8 | bind | Not affected | ||
| Red Hat Enterprise Linux 8 | bind9.16 | Not affected | ||
| Red Hat Enterprise Linux 9 | bind | Not affected | ||
| Red Hat Enterprise Linux 9 | dhcp | Not affected |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
The underlying bug might cause read past end of the buffer and either ...
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
Уязвимость сервера DNS BIND, связанная с отсутствием проверки длины буфера и чтением за границами памяти, позволяющая нарушителю получить доступ к защищаемой информации или вызвать отказ в обслуживании
5.5 Medium
CVSS3