CVE-2015-7547: getaddrinfo() stack-based buffer overflow

Florian Weimer fw at
Wed Feb 17 19:06:14 UTC 2016

* Ben Croswell:

> Cyber folks asked if there was any way for the DNS servers to "protect" the
> vulnerable clients.
> The only thing i  could see from the explanation  was disabling or limiting
> edns0 sizes. That is obviously not a long term option.

EDNS0 buffer sizes do not apply to TCP responses, so this is not an
effective mitigation, I'm afraid.

More information about the bind-users mailing list