CVE-2012-5689

Description

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.

How to fix CVE-2012-5689

To remediate CVE-2012-5689, upgrade the affected package to a fixed version below.

• Debian/bind9—upgrade to 1:9.8.4.dfsg.P1-6+nmu1 or later

Is CVE-2012-5689 being exploited?

Low — EPSS is 3.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:9.8.4.dfsg.P1-6+nmu1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-5689