Multiple severe Denial-of-Service (DoS) vulnerabilities in the DNS software suite BIND were patched this week by the Internet Systems Consortium (ISC).
The issues mentioned could be remotely exploited to crash named, the BIND daemon that serves as both an authoritative name server and a recursive resolver, or they could cause the memory to run out. The first security flaw, identified as CVE-2022-3094, can be exploited by sending a large number of dynamic DNS updates, which would force named to allocate a lot of memory and cause a crash because there wouldn’t be enough free memory.
The vulnerability only affects trusted clients that are permitted to make dynamic zone changes, according to ISC, because allocated memory is only kept for clients whose access credentials are accepted.
Read More: BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.