CVE-2019-6467

HIGH

ISC Bind < 9.12.4 - Reachable Assertion

Title source: rule
STIX 2.1

Description

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

Exploits (1)

nomisec WORKING POC 26 stars
by knqyf263 · poc
https://github.com/knqyf263/CVE-2019-6467

References (2)

Core 2
Core References
Third Party Advisory x_refsource_confirm
https://kb.isc.org/docs/cve-2019-6467

Scores

CVSS v3 7.5
EPSS 0.1722
EPSS Percentile 95.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-617
Status published
Products (2)
isc/bind 9.14.0
isc/bind 9.12.0 - 9.12.4
Published Oct 09, 2019
Tracked Since Feb 18, 2026