PT-2016-1132 · ISC +8 · ISC BIND 9.x +8

Published: 2016-01-19 · Updated: 2024-06-15 · CVE-2015-8704

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: ISC BIND 9.x versions 9.9.8-P3 and earlier, 9.9.x, and 9.10.x versions prior to 9.10.3-P3

Description: The issue is caused by insufficient input validation, which allows a remote authenticated attacker to cause a denial of service via a malformed Address Prefix List (APL) record. This can lead to an INSIST assertion failure and daemon exit. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited. Technical details about exploitation include the use of a specially crafted Address Prefix List (APL) record to trigger the INSIST assertion failure.

Recommendations: For ISC BIND 9.x versions prior to 9.9.8-P3, update to version 9.9.8-P3 or later. For ISC BIND 9.9.x, update to a version that includes the fix for this issue. For ISC BIND 9.10.x versions prior to 9.10.3-P3, update to version 9.10.3-P3 or later. As a temporary workaround, consider restricting access to the apl_42.c function until a patch is available.

Fix

DoS

RCE


Weakness Enumeration

Related identifiers

BDU:2016-00393
CESA-2016_0073
CVE-2015-8704
DLA-396-1
DSA-3449-1
FREEBSD-SA-16_08
HPSBUX03552
MGASA-2016-0030
OPENSUSE-SU-2016_0197-1
OPENSUSE-SU-2016_0199-1
OPENSUSE-SU-2016_0204-1
OPENSUSE-SU-2024:10467-1
RHSA-2016:0073
RHSA-2016:0074
RHSA-2016_0073
RHSA-2016_0074
SUSE-SU-2016:0174-1
SUSE-SU-2016:0180-1
SUSE-SU-2016:0200-1
SUSE-SU-2016_0174-1
SUSE-SU-2016_0180-1
SUSE-SU-2016_0200-1
USN-2874-1

Affected products

BIND Server
CentOS
FreeBSD
HP-UX
IBM AIX
ISC BIND 9.x
Red Hat
SUSE
Ubuntu