7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.205 Low
EPSS
Percentile
96.3%
Problem Description
For a recursive DNS server, a remote attacker sending enough
recursive queries for the replies to arrive after all the
interested clients have left the recursion queue will trigger
an INSIST failure in the named(8) daemon. Also for a
recursive DNS server, an assertion failure can occur when
processing a query whose reply will contain more than one
SIG(covered) RRset.
For an authoritative DNS server serving a RFC 2535 DNSSEC
zone which is queried for the SIG records where there are
multiple SIG(covered) RRsets (e.g. a zone apex), named(8)
will trigger an assertion failure when it tries to construct
the response.
Impact
An attacker who can perform recursive lookups on a DNS server
and is able to send a sufficiently large number of recursive
queries, or is able to get the DNS server to return more than
one SIG(covered) RRsets can stop the functionality of the DNS
service.
An attacker querying an authoritative DNS server serving a
RFC 2535 DNSSEC zone may be able to crash the DNS server.
Workaround
A possible workaround is to only allow trusted clients to
perform recursive queries.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.205 Low
EPSS
Percentile
96.3%