CVE-2019-6476

CWE-617Reachable Assertion10 documents8 sources
Severity
7.5HIGH
EPSS
1.3%
top 20.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ISC BindISC Bind 9
Timeline
PublishedOct 17
Latest updateMay 24

Description

A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

Alpinebind< 9.14.7-r0+13
NVDisc/bind9.14.09.14.6+1
CVEListV5isc/bind_99.14.0 up to 9.14.6, 9.15.0 up to 9.15.4+1

🔴Vulnerability Details

3
GHSA
GHSA-7rr8-wvj2-chhv: A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than r2022-05-24
OSV
CVE-2019-6476: A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than r2019-10-17
CVEList
An error in QNAME minimization code can cause BIND to exit with an assertion failure2019-10-17

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2020-64752020-05-19
Red Hat
bind: An error in QNAME minimization code can cause BIND to exit with an assertion failure2019-10-16
Debian
CVE-2019-6476: bind9 - A defect in code added to support QNAME minimization can cause named to exit wit...2019

💬Community

3
Bugzilla
CVE-2019-6476 bind: An error in QNAME minimization code can cause BIND to exit with an assertion failure2019-10-17
Bugzilla
CVE-2019-6476 bind: An error in QNAME minimization code can cause BIND to exit with an assertion failure [fedora-all]2019-10-17
Bugzilla
CVE-2019-9658 checkstyle: Loads external DTDs by default2019-04-01
CVE-2019-6476 (HIGH CVSS 7.5) | A defect in code added to support Q | cvebase.io