Описание
By sending specific queries to the resolver, an attacker can cause named to crash.
A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named to crash.
Отчет
This issue affects versions 9.16.14 and higher of the Bind package. Therefore Red Hat Enterprise Linux 6 and 7 are not impacted.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | bind | Not affected | ||
| Red Hat Enterprise Linux 7 | bind | Not affected | ||
| Red Hat Enterprise Linux 8 | bind | Not affected | ||
| Red Hat Enterprise Linux 9 | dhcp | Not affected | ||
| Red Hat Enterprise Linux 8 | bind9.16 | Fixed | RHSA-2022:6781 | 04.10.2022 |
| Red Hat Enterprise Linux 9 | bind | Fixed | RHSA-2022:6763 | 03.10.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
By sending specific queries to the resolver, an attacker can cause named to crash.
By sending specific queries to the resolver, an attacker can cause named to crash.
By sending specific queries to the resolver, an attacker can cause nam ...
By sending specific queries to the resolver, an attacker can cause named to crash.
EPSS
7.5 High
CVSS3