CVE-2019-6469

EPSS 1.06%
Veröffentlicht 09.10.2019 16:15:17
Zuletzt bearbeitet 21.11.2024 04:46:30
Quelle security-officer@isc.org
CVE-Watchlists
Login
Unerledigt
Login

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isc ≫ Bind Version9.10.5 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.6 Updates1 SwEditionsupported_preview

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.06%	0.756

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
security-officer@isc.org	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://kb.isc.org/docs/cve-2019-6469

Third Party Advisory

https://support.f5.com/csp/article/K39751401?utm_source=f5support&amp%3Butm_medium=RSS

https://nvd.nist.gov/vuln/detail/CVE-2019-6469

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6469

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6469

EUVD