PT-2019-5505 · Isc+1 · Bind+1

Published: 2019-04-24 · Updated: 2019-12-18 · CVE-2019-6467

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

BIND versions 9.12.0 through 9.12.4
BIND version 9.14.0
BIND 9.13 development branch

Description

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c. This issue is most likely to occur when the server is performing NXDOMAIN redirection for recursive clients and also serving a local copy of the root zone or using mirroring to provide the root zone. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations

For BIND versions 9.12.0 through 9.12.4, consider disabling the nxdomain-redirect feature until a patch is available.
For BIND version 9.14.0, consider disabling the nxdomain-redirect feature until a patch is available.
For the BIND 9.13 development branch, consider disabling the nxdomain-redirect feature until a patch is available.
As a temporary workaround, consider restricting the use of the query.c function to minimize the risk of exploitation.
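
An added example, not part of the original advisory or of BIND itself: a Python audit that checks a server's version against the affected releases listed above and scans named.conf text for an active nxdomain-redirect statement and a locally served or mirrored root zone. The sample configuration, its zone name and its address are constructed, and version strings with a suffix are rejected because the page does not list them.

```python
import re
LOCAL_ROOT_TYPES = {"master", "primary", "slave", "secondary", "mirror"}

def is_affected(version):
    """True for the releases the page lists: 9.12.0-9.12.4, 9.13.x, 9.14.0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:  # suffixed builds (e.g. -P1) are not listed on the page
        raise ValueError("unlisted version format, check the vendor advisory")
    major, minor, patch = map(int, m.groups())
    return major == 9 and (
        (minor == 12 and patch <= 4) or minor == 13 or (minor == 14 and patch == 0))

def strip_comments(conf):
    """Drop /* */, // and # comments (simplification: ignores quoted strings)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)

def root_zone_types(text):
    """Yield the 'type' of every zone "." block, matching nested braces."""
    for m in re.finditer(r'\bzone\s+"\."[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        t = re.search(r"\btype\s+([\w-]+)\s*;", text[m.end():i])
        if t:
            yield t.group(1)

def audit(version, conf):
    text = strip_comments(conf)
    affected = is_affected(version)
    redirect = re.search(r"\bnxdomain-redirect\s+[^;\s]+\s*;", text) is not None
    local_root = any(t in LOCAL_ROOT_TYPES for t in root_zone_types(text))
    return {"affected_version": affected, "nxdomain_redirect": redirect,
            "local_root_zone": local_root, "exposed": affected and redirect,
            "most_likely_case": affected and redirect and local_root}

# Constructed sample configuration; zone name and address are placeholders.
SAMPLE_CONF = '''
options {
    // nxdomain-redirect "old.example";
    nxdomain-redirect "redirect.example";  # active statement
};
zone "." {
    type mirror;
    masters { 192.0.2.1; };  /* documentation address */
};
'''
if __name__ == "__main__":
    print(audit("9.14.0", SAMPLE_CONF))
```

A root zone of type hint is not counted as a local copy, and a commented-out nxdomain-redirect line is treated as disabled.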

Exploit

Fix

DoS

Assertion Failure


Weakness Enumeration

Related Identifiers

BDU:2020-03322
CVE-2019-6467

Affected Products

Bind
Bind Server