2 matches found
A malicious zone operator can piggyback other transactions, when a caller tries to fulfill the restricted order
Lines of code Vulnerability details If an order has a restricted order type and, if the caller is other than the offerer or zone, then a staticcall to isValidOrder on the zone is made. This call outside the Seaport contract opens up a possible misuse by the zone contract implementation. The zone...
Debian DLA-163-1 : bind9 security update
Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives 'dnssec-validation...