The DNS message parsing code in named
includes a section whose
computational complexity is overly high. It does not cause problems for
typical DNS traffic, but crafted queries and responses may cause excessive
CPU load on the affected named
instance by exploiting this flaw. This
issue affects both authoritative servers and recursive resolvers. This
issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through
9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1
through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Notes
Author |
Note |
alexmurray |
As of isc-dhcp-4.4.3-1, isc-dhcp vendors bind9 libs |
mdeslaur |
This is unlikely to affect isc-dhcp’s use of bind9-libs and the vendored bind9 libs, marking as negligible |