### [CVE-2019-6471](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6471)
![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=BIND%209BIND%209.11.0%20-%3E%209.11.7%2C%209.12.0%20-%3E%209.12.4-P1%2C%209.14.0%20-%3E%209.14.2.%20Also%20all%20releases%20of%20the%20BIND%209.13%20development%20branch%20and%20version%209.15.0%20of%20the%20BIND%209.15%20development%20branch%20and%20BIND%20Supported%20Preview%20Edition%20versions%209.11.3-S1%20-%3E%209.11.7-S1.%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20attacker%20who%20can%20cause%20a%20resolver%20to%20perform%20queries%20which%20will%20be%20answered%20by%20a%20server%20which%20responds%20with%20deliberately%20malformed%20answers%20can%20cause%20named%20to%20exit%2C%20denying%20service%20to%20clients.&color=brighgreen)

### Description

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Seabreg/bind
- https://github.com/balabit-deps/balabit-os-8-bind9-libs
- https://github.com/balabit-deps/balabit-os-9-bind9-libs
- https://github.com/bg6cq/bind9
- https://github.com/pexip/os-bind9-libs