漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Invalid handling of CLASS != IN
Vulnerability Description
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
ISC BIND 9 输入验证错误漏洞
Vulnerability Description
ISC BIND 9是ISC组织的一个域名系统软件。 ISC BIND 9存在输入验证错误漏洞,该漏洞源于处理非Internet类DNS消息时存在缺陷,可能导致断言失败。以下版本受到影响:9.11.0版本至9.16.50版本、9.18.0版本至9.18.48版本、9.20.0版本至9.20.22版本、9.21.0版本至9.21.21版本、9.11.3-S1版本至9.16.50-S1版本、9.18.11-S1版本至9.18.48-S1版本和9.20.9-S1版本至9.20.22-S1版本。
CVSS Information
N/A
Vulnerability Type
N/A