Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota
Vulnerability Description
This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
ISC BIND 安全漏洞
Vulnerability Description
ISC BIND是美国ISC公司的一套实现了DNS协议的开源软件。 BIND 9.16.0版本至9.16.36版本、9.18.0版本至9.18.10版本、9.19.0版本至9.19.8版本存在安全漏洞,该漏洞源于如果解析器收到很多需要递归的查询,那么等待递归完成的客户端数量就会相应增加,如果在接收到新客户端查询时已经有足够多的客户端在等待,可能会发生竞争导致断言失败。
CVSS Information
N/A
Vulnerability Type
N/A