CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
44.1%
A flaw was found in the named
application, part of the bind9 package, which uses a cache database to speeds up DNS queries. To maintain its efficiency when running as a recursive name resolver, named
performs a cache database clean up under certain conditions. This issue may allow an attacker to craft a continuous set of crafted queries, which can induce named
to trigger the cleanup process with a high frequency, making the internal cleanup items queue to grow indefinitely. This can lead to an uncontrolled memory consumption and resource starvation, potentially making named
consume all available memory in the host, leading to a Denial of Service of the targeted system.
There is no available mitigation for this issue other than applying the required fixes via the released updates.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
44.1%