By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Metrics
CVSS Version: 3.1 |
Base Score: 7.5 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-ID: CWE Name: In BIND 9.8.4 -> 9.16.32 and versions 9.9.4-S1 -> 9.11.37-S1, 9.16.8-S1 -> 9.16.32-S1 of the BIND Supported Preview Edition, the DNSSEC verification code for the ECDSA algorithm leaks memory when there is a signature length mismatch. Source: ISC
Common Attack Pattern Enumeration and Classification (CAPEC)