Updated: 2024-11-23 04:07:08.397714
Description:
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 4 |
CVSS Version 3.x | MEDIUM | 6.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | bind | 9.8.2 | 6.5 | MEDIUM | Released | CLSA-2021:1632261705 | 2022-05-05 12:00:46 | |
CentOS 7 ELS | bind | 9.11.4 | 6.5 | MEDIUM | Already Fixed | 2023-09-19 09:30:35 | ||
CentOS 8.4 ELS | bind | 9.11.26 | 6.5 | MEDIUM | Released | CLSA-2022:1643212135 | 2022-04-25 18:47:32 | |
CentOS 8.5 ELS | bind | 9.11.26 | 6.5 | MEDIUM | Not Vulnerable | 2022-04-25 18:47:32 | ||
CloudLinux 6 ELS | bind | 9.8.2 | 6.5 | MEDIUM | Released | 2022-04-25 18:47:31 | ||
Oracle Linux 6 ELS | bind | 9.8.2 | 6.5 | MEDIUM | Released | CLSA-2021:1634922250 | 2022-04-25 18:47:32 | |
Ubuntu 16.04 ELS | bind9 | 9.10.3 | 6.5 | MEDIUM | Not Vulnerable | 2022-04-04 03:48:03 | ||
Ubuntu 18.04 ELS | bind9 | 9.11.3 | 6.5 | MEDIUM | Ignored | 2023-03-02 04:04:23 |