26 matches found
bind: bind9: Many records in the additional section cause CPU exhaustion
A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...
bind: bind9: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
A flaw was found in BIND 9. By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing DoH connections. This issue could significantly impair the resolver's...
bind: bind9: Many records in the additional section cause CPU exhaustion
A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...
bind: bind9: Many records in the additional section cause CPU exhaustion
A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...
bind9: Parsing large DNS messages may cause excessive CPU load
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...
bind9: bind: SIG(0) can be used to exhaust CPU resources
A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a "KEY" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a "KEY" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG0...
bind9: bind: SIG(0) can be used to exhaust CPU resources
A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a "KEY" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a "KEY" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG0...
bind9: bind: SIG(0) can be used to exhaust CPU resources
A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a "KEY" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a "KEY" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG0...
bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam
A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This...
bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam
A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This...
bind9: bind: SIG(0) can be used to exhaust CPU resources
A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a "KEY" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a "KEY" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG0...
bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam
A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This...
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...
bind9: Parsing large DNS messages may cause excessive CPU load
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...
bind9: Parsing large DNS messages may cause excessive CPU load
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...
bind9: Parsing large DNS messages may cause excessive CPU load
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...
bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled
A flaw was found in the bind package which may result in a Denial of Service in named process. This is a result of a reachable assertion, leading named to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR...
bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution
A flaw was found in the bind package. This issue may allow an attacker to query in a DNS64 enabled resolver node with a domain name triggering a server-stale data, triggering a code assertion, and resulting in a crash of named processes. This can allow a remote unauthenticated user to cause a...