The Internet Systems Consortium (ISC) has published updates for the BIND DNS software to address a number of vulnerabilities that can be used to trigger DoS attacks and even remote code execution.
Three new security advisories have been issued, two of which cover high-severity remotely exploitable vulnerabilities. The vulnerability advisories were made public on April 28, but certain organizations were informed privately beforehand.
CVE-2021-25216, a buffer overflow that can cause a server crash and, in some situations, remote code execution, is the most severe vulnerability, with a CVSS score of 8.1.
To Read More: SecurityWeek