Bug/Vulnerability in `Dig' in latest dnsutils/bind9

Mukund Sivaraman muks at isc.org
Tue Oct 28 11:41:51 UTC 2014

Hi Joshua

On Tue, Oct 28, 2014 at 07:30:45PM +1100, Joshua Rogers wrote:
> I'm not sure if this is really severe enough for a CVE-ID or not, but
> let me know about it anyways.

This crashes out almost immediately after next is assigned -1, by
dereferencing *(-1) which is likely not mapped on any platform. So I
don't think it's a severe or exploitable bug. The crash is the only

A fix is in review now.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 2881 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20141028/ff05d3f5/attachment-0001.bin>

More information about the bind-users mailing list