CVE-2019-6469

Summary

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.

Affected Software

VendorProductVersion RangeStatus
ISCBIND 9 Supported Preview EditionBIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.affected

Weaknesses

  • An attacker who is able to cause a server to perform a query whose answer will be accompanied by malformed RRSIGs can deliberately cause a server to exit if it is using the recursive ECS feature.

Workarounds

Only servers which have enabled the EDNS Client Subnet (ECS) feature can be affected by this defect; it can be prevented by disabling ECS options in the server's configuration.

ADP Enrichment

CVE Program Container

Additional References

References