6 Medium
AI Score
Confidence
Low
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.012 Low
EPSS
Percentile
83.4%
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. (CVE-2012-5689)
BIG-IP configurations using DNS64 (the DNS IPv6 to IPv4 option configured in the DNS profile) and Response Policy Zone (RPZ) Rewriting together are affected by this CVE.
Note: RPZ Rewriting is an optional BIND 9.x configuration that allows administrators to create DNS deny lists.
Impact
Remote attackers may be able to cause a denial-of-service (DoS) attack by making a query for an AAAA record.