Strike ID:
D20-152h1
CVSS:
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
False Positive:
t
Variants:
1
Year:
2020

Description

A denial of service vulnerability exists in BIND DNS Server versions 9.0.0-9.11.18, 9.12.0-9.12.4-P2, 9.14.0-9.14.11, 9.16.0-9.16.2-9.17.0 to 9.17.1 due to lack of Mac field size check when parsing TSIG records. A remote attacker may conduct a denial of service attack by sending a crafted DNS packet which leads to abnormal process termination due to a failed assertion.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}