ISC BIND 9.x < 9.9.7-P3 / 9.9.8 / 9.9.8-S1 / 9.9.8rc1 / 9.9.9-S3 / 9.10.2-P4 / 9.10.3 / 9.10.3rc1 Multiple DoS

Versions of ISC BIND 9.x prior to 9.9.7-P3, 9.9.9-S3, 9.10.2-P4, and 9.10.3 are unpatched for the following vulnerabilities :

• An assertion flaw exists that is triggered when parsing malformed DNSSEC keys. With a specially crafted query to a zone containing such a key, a remote attacker can cause a validating resolver to exit.
• A flaw exists in the ‘fromwire_openpgpkey()’ function in ‘openpgpkey_61.c’ that is triggered when the length of the data is less than 1. With a specially crafted response to a query, a remote attacker can cause an assertion failure that terminates named.