"Internet Systems Consortium (ISC) Fixed Three DoS Flaws in BIND"

The Internet Systems Consortium (ISC) has issued security updates to address three Denial-of-Service (DoS) flaws in the Domain Name System (DNS) software suite BIND. The vulnerabilities, tracked as CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, are remotely exploitable. According to ISC, the three critical vulnerabilities could be exploited to saturate devices' memory or cause the BIND's daemon 'named' to crash. An adversary can exploit one of the vulnerabilities to cause a named resolver's memory usage to exceed the configured maximum cache size, resulting in a DoS. This article continues to discuss the DoS vulnerabilities in the DNS software suite BIND addressed by the ISC.

Security Affairs reports "Internet Systems Consortium (ISC) Fixed Three DoS Flaws in BIND"

Submitted by Anonymous on Mon, 06/26/2023 - 12:33