named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
36
Affected Products
12
References
isc / bind
| - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| isc | bind | - | - |
| netapp | data_ontap_edge | - | - |
| netapp | element_software | - | - |
| netapp | oncommand_balance | - | - |
| debian | debian_linux | - | - |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability
Impact