CVE-2019-6476
First published: Thu Oct 17 2019(Updated: )
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.
Credit: security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC BIND | >=9.14.0<=9.14.6 | |
| ISC BIND | >=9.15.0<=9.15.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-6476?
The severity of CVE-2019-6476 is high with a CVSS score of 7.5.
How does CVE-2019-6476 affect ISC BIND?
CVE-2019-6476 affects ISC BIND versions 9.14.0 up to 9.14.6 and 9.15.0 up to 9.15.4.
What is the vulnerability description of CVE-2019-6476?
CVE-2019-6476 is a defect in code added to support QNAME minimization in BIND, which can cause named to exit with an assertion failure if a forwarder returns a referral instead of resolving the query.
How can I fix CVE-2019-6476?
To fix CVE-2019-6476, it is recommended to upgrade to a patched version of BIND (9.14.7 or 9.15.5), provided by ISC.
Where can I find more information about CVE-2019-6476?
More information about CVE-2019-6476 can be found in the following references: [ISC Knowledge Base](https://kb.isc.org/docs/cve-2019-6476), [NetApp Advisory](https://security.netapp.com/advisory/ntap-20191024-0004/), [F5 Support Article](https://support.f5.com/csp/article/K42238532?utm_source=f5support&utm_medium=RSS)
- collector/nvd-index
- vendor/isc
- canonical/isc bind
- version/isc bind/9.14.0
- version/isc bind/9.14.6
- version/isc bind/9.15.0
- version/isc bind/9.15.4