ISC BIND TSIG Validation Denial of Service

A denial of service vulnerability exists in BIND DNS Server versions 9.0.0-9.11.18, 9.12.0-9.12.4-P2, 9.14.0-9.14.11, 9.16.0-9.16.2-9.17.0 to 9.17.1 due to lack of Mac field size check when parsing TSIG records. A remote attacker may conduct a denial of service attack by sending a crafted DNS packet which leads to abnormal process termination due to a failed assertion.