Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
Vulnerability Description
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
ISC BIND 缓冲区错误漏洞
Vulnerability Description
ISC BIND是美国ISC公司的一套实现了DNS协议的开源软件。 ISC BIND 9 9.2.0 到 9.16.43、9.18.0 到 9.18.18、9.19.0 到 9.19.16、9.9.3-S1 到 9.16.43-S1 以及 9.18.0-S1 到 9.18 .18-S1版本存在缓冲区错误漏洞,该漏洞源于处理发送到named的控制通道消息的代码在数据包解析期间递归地调用某些函数,但递归深度仅受最大接受数据包大小的限制,这可能导致数据包解析代码耗尽可用的堆栈内存,导致named意外终止。
CVSS Information
N/A
Vulnerability Type
N/A