CVE-2019-6476

{"id": "CVE-2019-6476", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-officer@isc.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-10-17T20:15:12.880", "references": [{"url": "https://kb.isc.org/docs/cve-2019-6476", "tags": ["Third Party Advisory"], "source": "security-officer@isc.org"}, {"url": "https://security.netapp.com/advisory/ntap-20191024-0004/", "source": "security-officer@isc.org"}, {"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS", "source": "security-officer@isc.org"}, {"url": "https://kb.isc.org/docs/cve-2019-6476", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20191024-0004/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4."}, {"lang": "es", "value": "Un defecto en el c\u00f3digo agregado para soportar la minimizaci\u00f3n de QNAME puede causar que un nombrado salga con un error de aserci\u00f3n si un reenviador devuelve una referencia en lugar de resolver la consulta. Esto afecta a BIND versiones 9.14.0 hasta 9.14.6 y 9.15.0 hasta 9.15.4."}], "lastModified": "2024-11-21T04:46:31.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "139ED9D5-ED04-479F-B9E2-2E5BB257C5CB", "versionEndIncluding": "9.14.6", "versionStartIncluding": "9.14.0"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F910D6A0-1E35-443D-A57F-C4A8951B69F3", "versionEndIncluding": "9.15.4", "versionStartIncluding": "9.15.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-officer@isc.org"}