An error in QNAME minimization code can cause BIND to exit with an assertion failure

CVE-2019-6476

5.9MEDIUM

Key Information

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 16 October 2019

Summary

A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

Affected Version(s)

BIND 9 = 9.14.0 up to 9.14.6

BIND 9 = 9.15.0 up to 9.15.4

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.5 to: 5.9 - (MEDIUM)
Feb 22, 2024
Vulnerability published.
Oct 16, 2019
Vulnerability Reserved.
Jan 16, 2019

Collectors

NVD DatabaseMitre Database