How severe is CVE-2019-6467?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2019-6467?

This is classified as CWE-617, which is a common weakness in software security.

CVE-2019-6467

MEDIUM Year: 2019

CVSS v3 Score

5.9

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-617

View all →

Vulnerability Description

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

CVE-2017-3136

MEDIUM

CVSS:5.9(Medium)

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-se...

CWE-6172017

CVE-2018-5742

MEDIUM

CVSS:5.9(Medium)

While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No IS...

CWE-6172018

CVE-2019-6469

MEDIUM

CVSS:5.9(Medium)

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND ...

CWE-6172019

CVE-2020-8617

MEDIUM

CVSS:5.9(Medium)

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the ser...

CWE-6172020

CVE-2021-31294

MEDIUM

CVSS:5.9(Medium)

Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and ...

CWE-6172021

CVE-2017-12168

MEDIUM

CVSS:6.0(Medium)

The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by...

CWE-6172017

CVE-2019-6467

Vulnerability Description

Related Vulnerabilities

CVE-2017-3136

CVE-2018-5742

CVE-2019-6469

CVE-2020-8617

CVE-2021-31294

CVE-2017-12168