

DOS vulnerability in BIND - muraiki
https://kb.isc.org/article/AA-01272

======
muraiki
Sorry for changing the title, but the page title didn't really convey how
serious this is. There is an additional post on the ISC site which says:

"Many of our bugs are limited in scope or affect only users having a
particular set of configuration choices. CVE-2015-5477 does not fall into that
category. Almost all unpatched BIND servers are potentially vulnerable... The
practical effect of this is that this bug is difficult to defend against
(except by patching, which is completely effective) and will not be
particularly difficult to reverse-engineer."

[https://www.isc.org/blogs/about-cve-2015-5477-an-error-in-
ha...](https://www.isc.org/blogs/about-cve-2015-5477-an-error-in-handling-
tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/)

