CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-6467 – An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c
https://notcve.org/view.php?id=CVE-2019-6467
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch. Un error de programación en la funcionalidad nxdomain-redirect puede causar un error de aserción en el archivo query.c, si el espacio de nombres alternativo utilizado por nxdomain-redirect es un descendiente de una zona que es servida localmente. • https://github.com/knqyf263/CVE-2019-6467 https://kb.isc.org/docs/cve-2019-6467 https://www.synology.com/security/advisory/Synology_SA_19_20 • CWE-617: Reachable Assertion •
CVSS: 5.9EPSS: 0%CPEs: 109EXPL: 0CVE-2019-6471 – A race condition when discarding malformed packets can cause BIND to exit with an assertion failure
https://notcve.org/view.php?id=CVE-2019-6471
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1. Una condición de carrera que puede presentarse al descartar paquetes malformados puede provocar la salida de BIND debido a un fallo de aserción de REQUIRE en el archivo dispatch.c. Versiones afectadas: BIND 9.11.0 hasta 9.11.7, 9.12.0 hasta 9.12.4-P1, 9.14.0 hasta 9.14.2. • https://kb.isc.org/docs/cve-2019-6471 https://support.f5.com/csp/article/K10092301?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2019-6471 https://bugzilla.redhat.com/show_bug.cgi?id=1721780 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-6470 – dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries
https://notcve.org/view.php?id=CVE-2019-6470
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. • https://access.redhat.com/errata/RHSA-2019:2060 https://access.redhat.com/errata/RHSA-2019:3525 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122 https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html https://access.redhat.com/security/cve/CVE-2019-6470 https://bugzilla.redhat.com/show_bug.cgi?id=1708641 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 78EXPL: 0CVE-2018-5743 – Limiting simultaneous TCP clients was ineffective
https://notcve.org/view.php?id=CVE-2018-5743
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. • https://kb.isc.org/docs/cve-2018-5743 https://support.f5.com/csp/article/K74009656?utm_source=f5support&%3Butm_medium=RSS https://www.synology.com/security/advisory/Synology_SA_19_20 https://access.redhat.com/security/cve/CVE-2018-5743 https://bugzilla.redhat.com/show_bug.cgi?id=1702541 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2018-5744 – A specially crafted packet can cause named to leak memory
https://notcve.org/view.php?id=CVE-2018-5744
A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Se puede presentar un fallo al liberar memoria cuando se procesan mensajes que tienen una combinación específica de opciones EDNS. Las versiones afectadas son: BIND 9.10.7 hasta 9.10.8-P1, 9.11.3 hasta 9.11.5-P1, 9.12.0 hasta 9.12.3-P1, y las versiones 9.10.7-S1 hasta 9.11.5-S3 de BIND 9 Supported Preview Edition. • https://kb.isc.org/docs/cve-2018-5744 • CWE-772: Missing Release of Resource after Effective Lifetime •