The Internet Systems Consortium (ISC) has issued updates to address multiple security flaws in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite, which could result in a denial-of-service (DoS) condition.
According to its website, the open-source software is utilized by major financial institutions, national and international carriers, internet service providers (ISPs), retailers, manufacturers, educational institutions, and government entities.
All four flaws are found in named, a BIND 9 service that acts as an authoritative nameserver for a predefined set of DNS zones or as a recursive resolver for local network clients. The following are the bugs, each rated 7.5 on the CVSS scoring system:
- CVE-2022-3094 – An UPDATE message flood may cause named to exhaust all available memory
- CVE-2022-3488 – BIND Supported Preview Edition named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries
- CVE-2022-3736 – named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
- CVE-2022-3924 – named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota
Exploiting th
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents