CVE-2010-3762

Description

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.

How to fix CVE-2010-3762

To remediate CVE-2010-3762, upgrade the affected package to a fixed version below.

• Debian/bind9—upgrade to 1:9.7.2.dfsg.P2-1 or later

Is CVE-2010-3762 being exploited?

Moderate — EPSS is 27.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1:9.7.2.dfsg.P2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-3762