Published: 30/10/2019 Updated: 07/11/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.

Vulnerability Trend

Affected Products

Vendor Product Versions
IscBind9.9.4-65, 9.9.4-72

Vendor Advisories

PowerKVM is affected by a vulnerability in Bind IBM has now addressed this vulnerability ...
Crash from assertion error when debug log level is 10 and log entries meet buffer boundary This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10 As this configuration should be rare in production instances of bind, it is unlikely that most servers will be exploitable The debug level of the bind ...
Oracle Linux Bulletin - Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released These bu ...