CVE-2019-6468

CWE-617Reachable Assertion7 documents7 sources
Severity
7.5HIGH
EPSS
1.1%
top 22.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ISC Bind 9 Supported Preview EditionISC Bind
Timeline
PublishedOct 9
Latest updateMay 24

Description

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5isc/bind_9_supported_preview_editionBIND 9 9.10.5-S1 -> 9.11.5-S5
Ubuntubind9< 1:9.9.5.dfsg-3ubuntu0.19+2
NVDisc/bind9.10.5, 9.11.5+1

🔴Vulnerability Details

3
GHSA
GHSA-6r46-vvmw-c9mc: In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features2022-05-24
CVEList
BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used2019-10-09
OSV
CVE-2019-6468: In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features2019-04-24

📋Vendor Advisories

2
Red Hat
bind: named can exit with an assertion failure if nxdomain-redirect is used.2019-04-24
Debian
CVE-2019-6468: bind9 - In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can...2019

💬Community

1
Bugzilla
CVE-2019-6468 bind: named can exit with an assertion failure if nxdomain-redirect is used.2019-04-24
CVE-2019-6468 (HIGH CVSS 7.5) | In BIND Supported Preview Edition | cvebase.io