A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

| Vendor | Product | Versions |
|---|---|---|
| ISC | BIND 9 | 9.20.0, 9.21.0, 9.20.9-S1, 9.18.45, 9.21.20, 9.11.0, 9.11.3-S1, 9.16.50, 9.16.50-S1 |
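
The description separates default-allow ACLs (specific addresses denied, everything else permitted) from default-deny ones. The following audit sketch is an added example, not ISC code or part of the advisory: it flags address-match lists in a `named.conf` that negate entries and also contain `any`. The sample configuration is constructed, and the parser assumes flat lists without nested braces.

```python
import re

# Constructed sample named.conf fragment (not taken from the advisory).
SAMPLE_CONF = """
acl blocked-hosts { 192.0.2.10; 192.0.2.11; };
options {
    allow-query { !blocked-hosts; any; };            // default-allow
    allow-recursion { 198.51.100.0/24; localhost; }; // default-deny
    allow-transfer { none; };
};
zone "example.test" {
    type primary;
    allow-update { !192.0.2.50; any; };              /* default-allow */
};
"""

# Assumption: address-match lists are flat; nested { } lists are not parsed.
LIST_RE = re.compile(r"\b(acl\s+\S+|allow-[a-z-]+)\s*\{([^{}]*)\}\s*;")


def strip_comments(text):
    """Remove /* */, // and # comments so they cannot hide or fake elements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def find_default_allow(conf):
    """Return (statement, elements) for lists that deny named entries
    and otherwise permit `any`, the shape the description says is exposed."""
    findings = []
    for m in LIST_RE.finditer(strip_comments(conf)):
        elems = [e.strip() for e in m.group(2).split(";") if e.strip()]
        negated = [e for e in elems if e.startswith("!")]
        if negated and "any" in elems:
            findings.append((" ".join(m.group(1).split()), elems))
    return findings


if __name__ == "__main__":
    for stmt, elems in find_default_allow(SAMPLE_CONF):
        print(f"default-allow list in '{stmt}': {'; '.join(elems)}")
```

Lists flagged this way are the ones to review first on an affected version; lists that enumerate only permitted addresses are not reported.
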

Updated affected versions, marked exploit as available, added new CWE, and included new tags.

Updated severity to CRITICAL, added new affected versions, and noted that the vulnerability is actively exploited.

Initial creation