CVE-2019-6476 MEDIUM

CVE-2019-6476: An error in QNAME minimization code can cause BIND to exit with an assertion failure

Vendor Isc
Product BIND 9
Published October 17, 2019
Last update September 16, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

Key dates

02Disclosure timeline

October 17, 2019 CVE published
September 16, 2024 Record updated