cve/2019/CVE-2019-6467.md

### [CVE-2019-6467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6467)
![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=BIND%209BIND%209.12.0-%3E%209.12.4%2C%209.14.0.%20Also%20affects%20all%20releases%20in%20the%209.13%20development%20branch.%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20attacker%20who%20can%20deliberately%20trigger%20the%20condition%20on%20a%20server%20with%20a%20vulnerable%20configuration%20can%20cause%20BIND%20to%20exit%2C%20denying%20service%20to%20other%20clients.&color=brighgreen)

### Description

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/NetW0rK1le3r/awesome-hacking-lists
- https://github.com/Seabreg/bind
- https://github.com/bg6cq/bind9
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/knqyf263/CVE-2019-6467
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/readloud/Awesome-Stars
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/xbl2022/awesome-hacking-lists