
ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

January 28, 2023

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition.

“A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory released Friday.

The open source software is used by major financial firms, national and international carriers, internet service providers (ISPs), vendors, companies, educational institutions, and government entities, according to its website.


All four flaws reside in named, a BIND9 service that functions as an authoritative nameserver for a fixed set of DNS zones or as a recursive resolver for clients on a local network.

The list of the bugs, which are rated 7.5 on the CVSS scoring system, is as follows:

  • CVE-2022-3094 – An UPDATE message flood may cause named to exhaust all available memory
  • CVE-2022-3488 – BIND Supported Preview Edition named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries
  • CVE-2022-3736 – named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
  • CVE-2022-3924 – named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota

Successful exploitation of the vulnerabilities could cause the named service to crash or exhaust available memory on a target server.

The issues affect versions 9.16. to 9.16.36, 9.18. to 9.18.10, 9.19. to 9.19.8, and 9.16.8-S1 to 9.16.36-S1. CVE-2022-3488 also affects BIND Supported Preview Edition versions 9.11.4-S1 to 9.11.37-S1. They have been resolved in versions 9.16.37, 9.18.11, 9.19.9, and 9.16.37-S1.

Although there is no evidence that any of these vulnerabilities are being actively exploited, users are advised to upgrade to the latest version as soon as possible to mitigate potential threats.
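For triage across a fleet, the version ranges above can be turned into a small check over collected version banners. The following is an added example, not code from ISC or from this article; the banner strings are constructed samples, and because the lower bounds of the 9.16, 9.18 and 9.19 ranges are not fully given above, it assumes every release in those branches below the fixed one is affected.

```python
import re

# Fixed releases per (branch, is_preview_edition), taken from the article.
FIXED_PATCH = {
    ("9.16", False): 37,
    ("9.18", False): 11,
    ("9.19", False): 9,
    ("9.16", True): 37,   # 9.16.37-S1
}
PREVIEW_916_FIRST = 8       # article: 9.16.8-S1 to 9.16.36-S1
PREVIEW_911_RANGE = (4, 37) # article: 9.11.4-S1 to 9.11.37-S1 (CVE-2022-3488 only)

# Matches "9.x.y" with an optional "-S<n>" Preview Edition suffix.
VERSION_RE = re.compile(r"\b9\.(\d+)\.(\d+)(-S\d+)?")

def classify(banner):
    """Return 'affected', 'fixed' or 'not-listed' for a BIND version banner."""
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"no BIND 9 version found in {banner!r}")
    branch, patch, preview = f"9.{m.group(1)}", int(m.group(2)), m.group(3) is not None
    if preview and branch == "9.11":
        lo, hi = PREVIEW_911_RANGE
        # No fixed 9.11-S release is named in the article.
        return "affected" if lo <= patch <= hi else "not-listed"
    fixed = FIXED_PATCH.get((branch, preview))
    if fixed is None:
        return "not-listed"
    if preview and patch < PREVIEW_916_FIRST:
        return "not-listed"
    return "affected" if patch < fixed else "fixed"

if __name__ == "__main__":
    # Constructed sample banners, in the style of `named -v` output.
    for sample in ("BIND 9.16.36 (sample)", "BIND 9.18.11 (sample)",
                   "BIND 9.16.36-S1 (sample)", "BIND 9.11.37-S1 (sample)"):
        print(f"{sample:30} {classify(sample)}")
```

Distribution packages often backport fixes without changing the upstream version number, so an "affected" result for a distro build should be confirmed against the vendor's own advisory.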



Some parts of this article are sourced from:
thehackernews.com
