The Hacker News reports that the Internet Systems Consortium has fixed four security flaws in the Berkeley Internet Name Domain (BIND) 9 Domain Name System software suite that could be exploited to achieve a denial-of-service condition.
Threat actors could leverage the vulnerabilities, tracked as CVE-2022-3094, CVE-2022-3488, CVE-2022-3736, and CVE-2022-3924, to either cause crashes of the named service or exhaust available memory on the targeted server.
"A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," said the Cybersecurity and Infrastructure Security Agency in an advisory.
BIND9 DNS versions 9.16.0 to 9.16.36, 9.18.0 to 9.18.10, 9.19.0 to 9.19.8, and 9.16.8-S1 to 9.16.36-S1 are impacted by all the vulnerabilities, while BIND Supported Preview Edition versions 9.11.4-S1 to 9.11.37-S1 are vulnerable to exploitation of CVE-2022-3488.
No active exploitation has been recorded, but immediate upgrades to versions 9.16.37, 9.18.11, 9.19.9, and 9.16.37-S1 have been urged to prevent potential threats.