CVE-2019-6467— ISC BIND 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2019-6467の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c
ソース: NVD (National Vulnerability Database)
脆弱性説明
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
ISC BIND 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
ISC BIND是美国ISC公司的一套实现了DNS协议的开源软件。 ISC BIND 9.12.0版本至9.12.4版本和9.14.0版本(包括:9.13 development branch版本)中的nxdomain-redirect功能存在安全漏洞。攻击者可利用该漏洞造成BIND退出,导致拒绝服务。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2019-6467の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | CVE-2019-6467 (BIND nxdomain-redirect) | https://github.com/knqyf263/CVE-2019-6467 | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2019-6467のインテリジェンス情報
请登录查看更多情报信息。
- https://www.synology.com/security/advisory/Synology_SA_19_20x_refsource_CONFIRM
- https://kb.isc.org/docs/cve-2019-6467x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-6467
Same Patch Batch · ISC · 2019-10-09 · 9 CVEs total
| CVE-2018-5732 | A specially constructed response from a malicious server can cause a buffer overflow in dh | |
| CVE-2018-5743 | Limiting simultaneous TCP clients was ineffective | |
| CVE-2018-5744 | A specially crafted packet can cause named to leak memory | |
| CVE-2018-5745 | An assertion failure can occur if a trust anchor rolls over to an unsupported key algorith | |
| CVE-2019-6465 | Zone transfer controls for writable DLZ zones were not effective | |
| CVE-2019-6468 | BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is | |
| CVE-2019-6469 | BIND Supported Preview Edition can exit with an assertion failure if ECS is in use | |
| CVE-2019-6471 | A race condition when discarding malformed packets can cause BIND to exit with an assertio |
IV. 関連脆弱性
同じ製品: BIND 9
- CVE-2026-3591
A stack use-after-return flaw in SIG(0) handling code may en - CVE-2026-3119
Authenticated query containing a TKEY record may cause named - CVE-2026-3104
Memory leak in code preparing DNSSEC proofs of non-existence - CVE-2026-1519
Excessive NSEC3 iterations cause high CPU load during insecu - CVE-2025-13878
Malformed BRID/HHIT records can cause named to terminate une
同じベンダー: ISC
- CVE-2026-3591
A stack use-after-return flaw in SIG(0) handling code may en - CVE-2026-3119
Authenticated query containing a TKEY record may cause named - CVE-2026-3104
Memory leak in code preparing DNSSEC proofs of non-existence - CVE-2026-1519
Excessive NSEC3 iterations cause high CPU load during insecu - CVE-2026-3608
Stack overflow in Kea daemons
V. CVE-2019-6467へのコメント
まだコメントはありません