CVE-2019-6467

{"id": "CVE-2019-6467", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "security-officer@isc.org", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-10-09T16:15:16.593", "references": [{"url": "https://kb.isc.org/docs/cve-2019-6467", "tags": ["Third Party Advisory"], "source": "security-officer@isc.org"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_20", "source": "security-officer@isc.org"}, {"url": "https://kb.isc.org/docs/cve-2019-6467", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_20", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."}, {"lang": "es", "value": "Un error de programaci\u00f3n en la funcionalidad nxdomain-redirect puede causar un error de aserci\u00f3n en el archivo query.c, si el espacio de nombres alternativo utilizado por nxdomain-redirect es un descendiente de una zona que es servida localmente. El escenario m\u00e1s probable en el que esto podr\u00eda presentarse es si el servidor, adem\u00e1s de realizar el redireccionamiento de NXDOMAIN para clientes recursivos, tambi\u00e9n est\u00e1 sirviendo una copia local de la zona root o utilizando la duplicaci\u00f3n para proveer la zona root, aunque tambi\u00e9n son posibles otras configuraciones. Versiones afectadas: BIND 9.12.0 hasta 9.12.4, y 9.14.0. Tambi\u00e9n afecta a todas las versiones en la rama de desarrollo 9.13."}], "lastModified": "2024-11-21T04:46:30.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C499955-0D38-4828-B94F-9BFE2719246B", "versionEndIncluding": "9.12.4", "versionStartIncluding": "9.12.0"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8EE96D-C27B-4995-BFB2-B4AC55ACAE8A", "versionEndIncluding": "9.13.7", "versionStartIncluding": "9.13.0"}, {"criteria": "cpe:2.3:a:isc:bind:9.14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "377B83CA-65BF-447F-91B4-E03CB893A879"}], "operator": "OR"}]}], "sourceIdentifier": "security-officer@isc.org"}