CVE-2019-6471

Name of the Vulnerable Software and Affected Versions BIND versions 9.11.0 through 9.11.7 BIND versions 9.12.0 through 9.12.4-P1 BIND versions 9.14.0 through 9.14.2 BIND 9.13 development branch (all releases) BIND 9.15 development branch version 9.15.0 BIND Supported Preview Edition versions 9.11.3-S1 through 9.11.7-S1

Description A race condition may occur when discarding malformed packets, resulting in BIND exiting due to a REQUIRE assertion failure in dispatch.c. This issue can lead to a denial of service, allowing a remote attacker to cause the service to terminate. The vulnerability is related to the handling of incoming packets and can be triggered by specially crafted packets.

Recommendations For BIND versions 9.11.0 through 9.11.7, update to version 9.11.9 or later. For BIND versions 9.12.0 through 9.12.4-P1, update to a version later than 9.12.4-P1. For BIND versions 9.14.0 through 9.14.2, update to version 9.14.4 or later. For the BIND 9.13 development branch, update to a version that includes the fix for this issue. For the BIND 9.15 development branch, update to version 9.15.2 or later. For BIND Supported Preview Edition versions 9.11.3-S1 through 9.11.7-S1, update to a version later than 9.11.7-S1.