CVE-2019-6476 - A defect in code added to support QNAME minimization can cause named to exit with an assertion failu

CVE-2019-6476

Summary

A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

References

Vulnerable Configurations

cpe:2.3:a:isc:bind:9.14.0:-:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.0:-:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.0:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.0:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.14.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.15.4:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 24-10-2019 - 06:15)
Impact:
Exploitability:

CWE

CWE-617

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm

Last major update

24-10-2019 - 06:15

Published

17-10-2019 - 20:15

Last modified

24-10-2019 - 06:15