Ezequiel Tavella

**Name of the Vulnerable Software and Affected Versions** ISC BIND 9 versions 9.9.9 before 9.9.9-P3 ISC BIND 9 versions 9.10.x before 9.10.4-P3 ISC BIND 9 versions 9.11.x before 9.11.0rc3 **Description** The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and daemon exit, by sending a crafted query. This can also be triggered by sending an overly long request when lwresd or the named lwres option is enabled, causing the daemon to crash. **Recommendations** For ISC BIND 9 versions 9.9.9 before 9.9.9-P3, update to version 9.9.9-P3 or later. For ISC BIND 9 versions 9.10.x before 9.10.4-P3, update to version 9.10.4-P3 or later. For ISC BIND 9 versions 9.11.x before 9.11.0rc3, update to version 9.11.0rc3 or later. As a temporary workaround, consider disabling the lwresd option or the named lwres option to minimize the risk of exploitation.