Greg Kuechle

**Name of the Vulnerable Software and Affected Versions** BIND versions 9.8.5 through 9.8.8 BIND versions 9.9.3 through 9.11.29 BIND versions 9.12.0 through 9.16.13 BIND 9 Supported Preview Edition versions 9.9.3-S1 through 9.11.29-S1 BIND 9 Supported Preview Edition versions 9.16.8-S1 through 9.16.13-S1 BIND 9.17 development branch versions 9.17.0 through 9.17.11 **Description** The issue is related to insufficient use of the `assert()` function in the BIND server, which can be exploited by a remote attacker to cause a denial of service using a specially crafted request. When a vulnerable version of `named` receives a malformed IXFR, the `named` process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. **Recommendations** For BIND versions 9.8.5 through 9.8.8, update to a version outside of this range to resolve the issue. For BIND versions 9.9.3 through 9.11.29, update to a version outside of this range to resolve the issue. For BIND versions 9.12.0 through 9.16.13, update to a version outside of this range to resolve the issue. For BIND 9 Supported Preview Edition versions 9.9.3-S1 through 9.11.29-S1, update to a version outside of this range to resolve the issue. For BIND 9 Supported Preview Edition versions 9.16.8-S1 through 9.16.13-S1, update to a version outside of this range to resolve the issue. For BIND 9.17 development branch versions 9.17.0 through 9.17.11, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the use of the `named` process to minimize the risk of exploitation.