Updated: 2025-08-20 02:24:20.24566
Description:
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.0 |
| CVSS Version 3.x | MEDIUM | 6.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | bind | 9.16.23 | 6.5 | MEDIUM | Ignored | 2024-03-12 09:49:25 | This flaw only causes a denial‑of‑service (assertion‑triggered exit) and is triggered specific... | |
| CentOS 6 ELS | bind | 9.8.2 | 6.5 | MEDIUM | Already Fixed | 2022-11-30 07:02:37 | ||
| CentOS 7 ELS | bind | 9.11.4 | 6.5 | MEDIUM | Already Fixed | 2024-03-13 11:09:07 | ||
| CentOS 8.4 ELS | bind | 9.11.26 | 6.5 | MEDIUM | Already Fixed | 2022-11-30 10:03:00 | ||
| CentOS 8.5 ELS | bind | 9.11.26 | 6.5 | MEDIUM | Already Fixed | 2022-11-30 10:03:00 | ||
| CloudLinux 6 ELS | bind | 9.8.2 | 6.5 | MEDIUM | Already Fixed | 2022-11-30 07:02:37 | ||
| Debian 10 ELS | bind9 | 9.11.5 | 6.5 | MEDIUM | Ignored | 2025-10-11 00:24:20 | Ignored due to low severity | |
| Oracle Linux 6 ELS | bind | 9.8.2 | 6.5 | MEDIUM | Already Fixed | 2022-11-30 07:02:37 | ||
| Ubuntu 16.04 ELS | bind9 | 9.10.3 | 6.5 | MEDIUM | Already Fixed | 2022-11-30 10:03:00 | ||
| Ubuntu 18.04 ELS | bind9 | 9.11.3 | 6.5 | MEDIUM | Ignored | 2024-03-12 09:49:25 | Ignored due to low severity |