CVE-2019-6467

CWE-617Reachable Assertion7 documents7 sources
Severity
7.5HIGH
EPSS
17.2%
top 4.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ISC BindISC Bind 9
Timeline
PublishedOct 9
Latest updateMay 24

Description

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Alpinebind< 9.14.1-r0+17
NVDisc/bind9.12.09.12.4+2
CVEListV5isc/bind_9BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

🔴Vulnerability Details

3
GHSA
GHSA-92q8-7pjj-mpmp: A programming error in the nxdomain-redirect feature can cause an assertion failure in query2022-05-24
CVEList
An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c2019-10-09
OSV
CVE-2019-6467: A programming error in the nxdomain-redirect feature can cause an assertion failure in query2019-10-09

📋Vendor Advisories

2
Red Hat
bind: flaw in nxredirect can cause assertion failure2019-04-24
Debian
CVE-2019-6467: bind9 - A programming error in the nxdomain-redirect feature can cause an assertion fail...2019

💬Community

1
Bugzilla
CVE-2019-6467 bind: flaw in nxredirect can cause assertion failure2019-04-24
CVE-2019-6467 (HIGH CVSS 7.5) | A programming error in the nxdomain | cvebase.io