In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (*) character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.
The product does not release or incorrectly releases a resource before it is made available for re-use.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bind | Isc | 9.11.14 (including) | 9.11.19 (including) |
| Bind | Isc | 9.11.14-s1 (including) | 9.11.19-s1 (including) |
| Bind | Isc | 9.14.9 (including) | 9.14.12 (including) |
| Bind | Isc | 9.16.0 (including) | 9.16.3 (including) |
| Red Hat Enterprise Linux 8 | RedHat | bind-32:9.11.20-5.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | bind-32:9.11.20-5.el8 | * |
| Bind9 | Ubuntu | devel | * |
| Bind9 | Ubuntu | focal | * |
| Bind9 | Ubuntu | trusty | * |
| Bind9 | Ubuntu | upstream | * |