Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion Failure in BIND9

Summary: 
High numbers of queries with DNSSEC validation enabled can cause an assertion failure in named, caused by using a "bad cache" data structure before it has been initialized.
CVE: 
CVE-2012-3817
Document Version: 
2.2
Posting date: 
24 Jul 2012
Program Impacted: 
BIND
Versions affected: 
9.6-ESV-R1--> 9.6-ESV-R7-P1; 9.7.1 --> 9.7.6-P1; 9.8.0 --> 9.8.3-P1; 9.9.0 --> 9.9.1-P1
Severity: 
Critical
Exploitable: 
Remotely
Description: 

The full Advisory is located here: http://kb.isc.org/article/AA-00729

Share this