ISC BIND is the United States ISC company’s set of open source software that implements the DNS protocol. ISC BIND suffers from a buffer overflow vulnerability that originates when reusing an HTTP connection to request statistics from the stats channel, where the length of the contents of successive responses may grow beyond the end of the allocated buffer, which can be exploited by an attacker to cause the read to exceed the end of the buffer and read memory it shouldn’t have to, or crash the process.
CPE | Name | Operator | Version |
---|---|---|---|
isc bind >=9.18.0, | lt | 9.18.7 | |
isc bind >=9.19.0, | lt | 9.19.5 |