FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bind -- denial of service vulnerability

Affected packages
bind99 < 9.9.7P3
9.10.2 <= bind910 < 9.10.2P4
0 < bind910-base
0 < bind99-base
9.3 <= FreeBSD < 9.3_25

Details

VuXML ID eaf3b255-5245-11e5-9ad8-14dae9d210b8
Discovery 2015-08-19
Entry 2015-09-03
Modified 2016-08-09

ISC reports:

Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberately malformed key.

References

CVE Name CVE-2015-5722
FreeBSD Advisory SA-15:23.bind
URL https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/