A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bind | Isc | 9.8.0 (including) | 9.8.8 (including) |
| Bind | Isc | 9.9.0 (including) | 9.9.9 (including) |
| Bind | Isc | 9.10.0 (including) | 9.10.4 (including) |
| Bind | Isc | 9.8.0-p1 (including) | 9.8.0-p1 (including) |
| Bind | Isc | 9.9.0-p1 (including) | 9.9.0-p1 (including) |
| Bind | Isc | 9.9.0-p2 (including) | 9.9.0-p2 (including) |
| Bind | Isc | 9.9.0-p3 (including) | 9.9.0-p3 (including) |
| Bind | Isc | 9.9.0-p4 (including) | 9.9.0-p4 (including) |
| Bind | Isc | 9.9.0-p5 (including) | 9.9.0-p5 (including) |
| Bind | Isc | 9.9.0-p6 (including) | 9.9.0-p6 (including) |
| Bind | Isc | 9.9.3 (including) | 9.9.3 (including) |
| Bind | Isc | 9.9.3-s1 (including) | 9.9.3-s1 (including) |
| Bind | Isc | 9.9.10-beta1 (including) | 9.9.10-beta1 (including) |
| Bind | Isc | 9.9.10-rc1 (including) | 9.9.10-rc1 (including) |
| Bind | Isc | 9.10.4-p1 (including) | 9.10.4-p1 (including) |
| Bind | Isc | 9.10.4-p2 (including) | 9.10.4-p2 (including) |
| Bind | Isc | 9.10.4-p3 (including) | 9.10.4-p3 (including) |
| Bind | Isc | 9.10.4-p4 (including) | 9.10.4-p4 (including) |
| Bind | Isc | 9.10.4-p5 (including) | 9.10.4-p5 (including) |
| Bind | Isc | 9.10.4-p6 (including) | 9.10.4-p6 (including) |
| Bind | Isc | 9.10.5-b1 (including) | 9.10.5-b1 (including) |
| Bind | Isc | 9.10.5-rc1 (including) | 9.10.5-rc1 (including) |
| Bind | Isc | 9.11.0 (including) | 9.11.0 (including) |
| Bind | Isc | 9.11.0-p1 (including) | 9.11.0-p1 (including) |
| Bind | Isc | 9.11.0-p2 (including) | 9.11.0-p2 (including) |
| Bind | Isc | 9.11.0-p3 (including) | 9.11.0-p3 (including) |
| Bind | Isc | 9.11.1-beta1 (including) | 9.11.1-beta1 (including) |
| Bind | Isc | 9.11.1-rc1 (including) | 9.11.1-rc1 (including) |
| Red Hat Enterprise Linux 6 | RedHat | bind-32:9.8.2-0.62.rc1.el6_9.1 | * |
| Red Hat Enterprise Linux 7 | RedHat | bind-32:9.9.4-38.el7_3.3 | * |
| Bind9 | Ubuntu | devel | * |
| Bind9 | Ubuntu | esm-infra-legacy/trusty | * |
| Bind9 | Ubuntu | esm-infra/xenial | * |
| Bind9 | Ubuntu | precise | * |
| Bind9 | Ubuntu | trusty | * |
| Bind9 | Ubuntu | trusty/esm | * |
| Bind9 | Ubuntu | vivid/stable-phone-overlay | * |
| Bind9 | Ubuntu | vivid/ubuntu-core | * |
| Bind9 | Ubuntu | xenial | * |
| Bind9 | Ubuntu | yakkety | * |
| Bind9 | Ubuntu | zesty | * |
While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service. For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.