ISC BIND
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*
- >= 9.20.0, <= 9.20.8
- >= 9.21.0, <= 9.21.7
A denial-of-service vulnerability has been identified in ISC BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7. When a DNS message includes a Transaction Signature (TSIG), BIND checks the TSIG's algorithm field. If that field holds an invalid value, BIND aborts with an assertion failure. This vulnerability affects both authoritative and resolver servers.
Exploitation of this vulnerability causes the BIND 'named' process to terminate unexpectedly, disrupting DNS services.
Users can upgrade to BIND 9.20.9 or 9.21.8, depending on their current version. NetApp products affected by this vulnerability should refer to the NetApp advisory NTAP-20250523-0001 for guidance.
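To triage a fleet against the ranges above, the following added example (not ISC or vendor code) classifies `named -v` banners and reports the upgrade target. The hostnames and banners are constructed sample data, and treating a packaging suffix as a possible vendor backport is an assumption to confirm against the vendor's own advisory.

```python
import re

# Affected ranges and fixed releases, taken from the advisory text above.
AFFECTED = [
    ((9, 20, 0), (9, 20, 8), "9.20.9"),
    ((9, 21, 0), (9, 21, 7), "9.21.8"),
]
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(\S*)")

def parse_version(banner):
    """Return ((major, minor, patch), suffix) from a `named -v` style banner."""
    m = _VERSION.search(banner)
    if not m:
        raise ValueError(f"no BIND version in {banner!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)

def assess(banner):
    """Classify one banner as (status, upgrade_target or None)."""
    try:
        version, suffix = parse_version(banner)
    except ValueError:
        return "unknown", None
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            # Assumption: a packaging suffix (e.g. "-1ubuntu1") may carry a
            # backported fix, so flag it for a vendor check, not as a verdict.
            return ("check-vendor" if suffix else "affected"), fixed
    return "not-in-range", None

def report(inventory):
    """Map each host to its assessment."""
    return {host: assess(banner) for host, banner in inventory.items()}

# Constructed inventory: hostnames and banners are made-up sample data.
INVENTORY = {
    "ns1.example": "BIND 9.20.7 (Stable Release) <id:0000000>",
    "ns2.example": "BIND 9.20.9 (Stable Release) <id:0000000>",
    "res1.example": "BIND 9.21.0 (Development Release) <id:0000000>",
    "res2.example": "BIND 9.20.8-1ubuntu1-Ubuntu (Stable Release) <id:>",
    "old.example": "BIND 9.18.30-S1 (Extended Support Version) <id:0000000>",
    "broken.example": "named: command not found",
}

if __name__ == "__main__":
    for host, (status, fixed) in report(INVENTORY).items():
        target = f" -> upgrade to {fixed}" if fixed else ""
        print(f"{host:15} {status}{target}")
```

Hosts reported as `not-in-range` are only outside the two ranges this advisory lists; other advisories may still apply to them.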