7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.0%
A flaw was found in the Bind package. The networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. A named instance vulnerable to this flaw may terminate unexpectedly when subjected to significant DNS-over-TLS query load.
Disabling listening for DNS-over-TLS connections (by removing listen-on … tls … { … }; statements from the configuration) prevents the affected code paths from being taken, rendering exploitation impossible. However, there is no workaround for this flaw if DNS-over-TLS support is required.