6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.972 High
EPSS
Percentile
99.8%
A buffer size check used to guard against overflow could cause named to
exit with an INSIST failure In apl_42.c.
A server could exit while performing certain string formatting
operations. Examples include (but may not be limited to):
In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or
ECS options are formatted to text. In 9.10.3 through 9.10.3-P2, the
issue may result in a REQUIRE assertion failure in buffer.c resulting in
application exit.
This issue can affect both authoritative and recursive servers if they
are performing debug logging. It may also crash related tools which use
the same code, such as dig or delv.
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.972 High
EPSS
Percentile
99.8%