6 Medium
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.066 Low
EPSS
Percentile
93.1%
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial-of-service (assertion failure and daemon exit) by sending many queries.
(CVE-2012-3817)
Under high query loads when Domain Name System Security Extensions (DNSSEC) validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure. This bug cannot be encountered unless the system is doing DNSSEC validation.
Impact
This issue may cause the name server to crash.
This issue may affect BIG-IP systems on which BIND has been manually configured to perform DNSSEC validation.