An error in QNAME minimization code can cause BIND to exit with an assertion failure

CVE-2019-6476

5.9MEDIUM

Key Information

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 16 October 2019

Summary

A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

Affected Version(s)

BIND 9 9.14.0 up to 9.14.6

BIND 9 9.15.0 up to 9.15.4

References

https://kb.isc.org/docs/cve-2019-6476

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20191024-0004/

x_refsource_CONFIRM

https://support.f5.com/csp/article/K42238532?utm_source=f...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Jan 16, 2019

Collectors

NVD DatabaseMitre Database