Intrusion Prevention



This indicates an attack attempt against a Denial of Service vulnerability in ISC BIND.
The vulnerability is due to an assertion error in the processing of negative responses containing large RRSIG RRsets. Successful exploitation requires that the attacker can directly query or trick an authorised client into querying the targeted caching resolvers.

Affected Products

ISC BIND 9.4.x
ISC BIND 9.6.x
ISC BIND 9.7.x
ISC BIND 9.8.x


Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the website.

CVE References