mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-19 17:32:41 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
952b9936e8
commit
e91f717fa1
@ -1,96 +1,96 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-officer@isc.org",
|
||||
"DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
|
||||
"ID": "CVE-2018-5732",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "ISC DHCP",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "ISC DHCP",
|
||||
"version_value": "4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "ISC"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section.\n\nAffects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur."
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-officer@isc.org",
|
||||
"DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
|
||||
"ID": "CVE-2018-5732",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "A specially constructed response from a malicious server can cause a buffer overflow in dhclient"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "ISC DHCP",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "ISC DHCP",
|
||||
"version_value": "4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "ISC"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.isc.org/docs/aa-01565",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.isc.org/docs/aa-01565"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n >= DHCP 4.1-ESV-R15-P1\n >= DHCP 4.3.6-P1\n >= DHCP 4.4.1"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Affected versions of dhclient should crash due to an out-of-bounds memory access if they receive and process a triggering response packet. However, buffer overflow outcomes can vary by operating system, and outcomes such as remote code execution may be possible in some circumstances. Where they are present, operating system mitigation strategies such as address space layout randomization (ASLR) should make it difficult to leverage this vulnerability to achieve remote code execution, but we cannot rule it out as impossible. The safest course is to patch dhclient so that the buffer overflow cannot occur."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.isc.org/docs/aa-01565",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.isc.org/docs/aa-01565"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to the patched release most closely related to your current version of DHCP. ISC DHCP releases are available from https://www.isc.org/downloads.\n\n >= DHCP 4.1-ESV-R15-P1\n >= DHCP 4.3.6-P1\n >= DHCP 4.4.1"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -43,7 +43,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit.\n\nVersions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
|
||||
"value": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,96 +1,96 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-officer@isc.org",
|
||||
"DATE_PUBLIC": "2019-02-21T00:00:00.000Z",
|
||||
"ID": "CVE-2018-5744",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "A specially crafted packet can cause named to leak memory"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "BIND 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "BIND 9",
|
||||
"version_value": "BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "ISC"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "ISC would like to thank Toshifumi Sakaguchi for reporting this issue to us."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A failure to free memory can occur when processing messages having a specific combination of EDNS options.\n\nVersions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted."
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-officer@isc.org",
|
||||
"DATE_PUBLIC": "2019-02-21T00:00:00.000Z",
|
||||
"ID": "CVE-2018-5744",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "A specially crafted packet can cause named to leak memory"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "BIND 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "BIND 9",
|
||||
"version_value": "BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "ISC"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.isc.org/docs/cve-2018-5744",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.isc.org/docs/cve-2018-5744"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to a version of BIND containing a fix for the memory leak.\n\n >= BIND 9.11.5-P4\n >= BIND 9.12.3-P4\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "ISC would like to thank Toshifumi Sakaguchi for reporting this issue to us."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.isc.org/docs/cve-2018-5744",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.isc.org/docs/cve-2018-5744"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to a version of BIND containing a fix for the memory leak.\n\n >= BIND 9.11.5-P4\n >= BIND 9.12.3-P4\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,90 +1,90 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-officer@isc.org",
|
||||
"DATE_PUBLIC": "2019-02-21T00:00:00.000Z",
|
||||
"ID": "CVE-2018-5745",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "BIND 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "BIND 9",
|
||||
"version_value": "BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "ISC"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.\n\nVersions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 4.9,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This particular vulnerability would be very difficult for an arbitrary attacker to use because it requires an operator to have BIND configured to use a trust anchor managed by the attacker. However, if successfully exercised, the defect will cause named to deliberately exit after encountering an assertion failure.\n\nIt is more likely, perhaps, that this bug could be encountered accidentally, as not all versions of BIND support the same set of cryptographic algorithms. Specifically, recent branches of BIND have begun deliberately removing support for cryptographic algorithms that are now deprecated (for example because they are no longer considered sufficiently secure.) This vulnerability could be encountered if a resolver running a version of BIND which has removed support for deprecated algorithms is configured to use a trust anchor which elects to change algorithm types to one of those deprecated algorithms.\n\n Support for GOST was removed from BIND in 9.13.1.\n Support for DSA was removed from BIND in 9.13.4\n Support for RSAMD5 will be removed from future BIND releases in the 9.13 branch and higher.\n"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-officer@isc.org",
|
||||
"DATE_PUBLIC": "2019-02-21T00:00:00.000Z",
|
||||
"ID": "CVE-2018-5745",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "BIND 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "BIND 9",
|
||||
"version_value": "BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "ISC"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.isc.org/docs/cve-2018-5745",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.isc.org/docs/cve-2018-5745"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to a version of BIND containing a fix preventing the assertion failure.\n\n>= BIND 9.11.5-P4\n>= BIND 9.12.3-P4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n>= BIND 9.11.5-S5\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 4.9,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This particular vulnerability would be very difficult for an arbitrary attacker to use because it requires an operator to have BIND configured to use a trust anchor managed by the attacker. However, if successfully exercised, the defect will cause named to deliberately exit after encountering an assertion failure.\n\nIt is more likely, perhaps, that this bug could be encountered accidentally, as not all versions of BIND support the same set of cryptographic algorithms. Specifically, recent branches of BIND have begun deliberately removing support for cryptographic algorithms that are now deprecated (for example because they are no longer considered sufficiently secure.) This vulnerability could be encountered if a resolver running a version of BIND which has removed support for deprecated algorithms is configured to use a trust anchor which elects to change algorithm types to one of those deprecated algorithms.\n\n Support for GOST was removed from BIND in 9.13.1.\n Support for DSA was removed from BIND in 9.13.4\n Support for RSAMD5 will be removed from future BIND releases in the 9.13 branch and higher.\n"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.isc.org/docs/cve-2018-5745",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.isc.org/docs/cve-2018-5745"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to a version of BIND containing a fix preventing the assertion failure.\n\n>= BIND 9.11.5-P4\n>= BIND 9.12.3-P4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n>= BIND 9.11.5-S5\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
@ -41,7 +41,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks.\n\nThis issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0."
|
||||
"value": "The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -80,10 +80,12 @@
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "http://www.tibco.com/services/support/advisories",
|
||||
"url": "http://www.tibco.com/services/support/advisories"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://www.tibco.com/support/advisories/2019/10/tibco-security-advisory-october-8-2019-tibco-mdm",
|
||||
"url": "https://www.tibco.com/support/advisories/2019/10/tibco-security-advisory-october-8-2019-tibco-mdm"
|
||||
}
|
||||
]
|
||||
|
||||
@ -1,17 +1,71 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-11341",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2019-11341",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://security.samsungmobile.com/securityUpdate.smsb",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.samsungmobile.com/securityUpdate.smsb"
|
||||
},
|
||||
{
|
||||
"url": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://twitter.com/fs0c131y/status/1115889065285562368",
|
||||
"url": "https://twitter.com/fs0c131y/status/1115889065285562368"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -203,6 +203,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[oss-security] 20191003 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
67
2019/17xxx/CVE-2019-17383.json
Normal file
67
2019/17xxx/CVE-2019-17383.json
Normal file
@ -0,0 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2019-17383",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://rubygems.org/gems/netaddr/versions",
|
||||
"refsource": "MISC",
|
||||
"name": "https://rubygems.org/gems/netaddr/versions"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/dspinhirne/netaddr-rb/commit/3aac46c00a36e71905eaa619cb94d45bff6e3b51",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/dspinhirne/netaddr-rb/commit/3aac46c00a36e71905eaa619cb94d45bff6e3b51"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -42,7 +42,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.\n"
|
||||
"value": "Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,90 +1,90 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-officer@isc.org",
|
||||
"DATE_PUBLIC": "2019-02-21T00:00:00.000Z",
|
||||
"ID": "CVE-2019-6465",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Zone transfer controls for writable DLZ zones were not effective"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "BIND 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "BIND 9",
|
||||
"version_value": "BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "ISC"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable\n\nVersions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A client exercising this defect can request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL."
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-officer@isc.org",
|
||||
"DATE_PUBLIC": "2019-02-21T00:00:00.000Z",
|
||||
"ID": "CVE-2019-6465",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Zone transfer controls for writable DLZ zones were not effective"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "BIND 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "BIND 9",
|
||||
"version_value": "BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "ISC"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.isc.org/docs/cve-2019-6465",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.isc.org/docs/cve-2019-6465"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n>= BIND 9.11.5-P4\n>= BIND 9.12.3-P4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n>= BIND 9.11.5-S5\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A client exercising this defect can request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.isc.org/docs/cve-2019-6465",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.isc.org/docs/cve-2019-6465"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n>= BIND 9.11.5-P4\n>= BIND 9.12.3-P4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n>= BIND 9.11.5-S5\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -43,7 +43,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally.\n\nThe most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible.\n\nVersions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
|
||||
"value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -43,7 +43,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure.\n\nVersions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected."
|
||||
"value": "In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -43,7 +43,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs.\n\nVersions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition."
|
||||
"value": "An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -43,7 +43,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c.\n\nVersions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1."
|
||||
"value": "A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user