ROS-20230414-02

Published: 2023-04-14 00:00:00
Source: redos.red-soft.ru

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.002 Low
Percentile: 56.4%

A vulnerability in the BIND DNS server is related to a reachable assertion in DNS query processing. Exploitation
of the vulnerability allows a remote attacker to send repeated patterns of specific
queries to servers with the DNSSEC-Validated Cache (synth-from-dnssec) feature enabled and cause an
INSIST failure in query.c:query_dname, causing named to terminate unexpectedly.

A vulnerability in the BIND DNS server is related to flaws in HTTP request processing. Exploitation of the vulnerability
allows a remote attacker to affect data integrity.

A vulnerability in the BIND DNS server is related to the processing of a request for a DS record that needs to be
redirected. BIND waits until this processing is complete or until the wait timer
expires. When the timer expires, the timeout results in a call to resume_dslookup(), which
does not check whether the fetch was previously completed. Exploitation of the vulnerability allows a remote
attacker to cause the BIND process to terminate.

A vulnerability in the BIND DNS server is related to improper resource shutdown or release,
which results in incomplete cleanup. Exploitation of the vulnerability allows a remote
attacker to send specially crafted TCP streams to a server with 'keep-response-order' enabled, which could
cause BIND connections to remain in the CLOSE_WAIT state for an indefinite period,
even after the client has terminated the connection.
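
An added example, not part of the advisory or of BIND itself: a Python check that reads a named.conf and reports whether the two features named above, synth-from-dnssec and keep-response-order, are turned on. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample named.conf, not taken from any real server.
SAMPLE_CONF = """
options {
    directory "/var/named";   // working directory
    # resolver features
    synth-from-dnssec yes;
    /* ordered replies for
       legacy clients */
    keep-response-order { 192.0.2.0/24; };
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments, the three styles named.conf accepts.
    Simplification: comment markers inside quoted strings are not handled."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_named_conf(text):
    """Return findings for the two features this advisory names."""
    conf = strip_comments(text)
    findings = []
    # BIND booleans accept yes/no, true/false and 1/0.
    values = re.findall(r"\bsynth-from-dnssec\s+(\w+)\s*;", conf)
    if any(v.lower() in ("yes", "true", "1") for v in values):
        findings.append("synth-from-dnssec is enabled")
    # keep-response-order takes an address match list; "none" disables it.
    # Nested lists are still flagged, but their entries print less cleanly.
    for m in re.finditer(r"\bkeep-response-order\s*\{(.*?)\}\s*;", conf, flags=re.S):
        acl = [e.strip() for e in m.group(1).split(";") if e.strip()]
        if acl and acl != ["none"]:
            findings.append("keep-response-order is set for: " + ", ".join(acl))
    return findings

if __name__ == "__main__":
    for finding in audit_named_conf(SAMPLE_CONF):
        print("REVIEW:", finding)
```

A finding here only means the feature is configured; whether the host is affected still depends on the installed bind package version listed in the table below.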

OS | Version | Architecture | Package | Version | Filename
redos | 7.3 | x86_64 | bind | <= 9.16.27-1 | UNKNOWN
