4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.014 Low
EPSS
Percentile
86.7%
An error in handling certain queries can cause an assertion failure when a
server is using the nxdomain-redirect feature to cover a zone for which it
is also providing authoritative service. A vulnerable server could be
intentionally stopped by an attacker if it was using a configuration that
met the criteria for the vulnerability and if the attacker could cause it
to accept a query that possessed the required attributes. Please note: This
vulnerability affects the “nxdomain-redirect” feature, which is one of two
methods of handling NXDOMAIN redirection, and is only available in certain
versions of BIND. Redirection using zones of type “redirect” is not
affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1
-> 9.9.9-S6, 9.11.0-9.11.0-P1.
Author | Note |
---|---|
mdeslaur | 9.11.0 only |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.014 Low
EPSS
Percentile
86.7%