Marlink Cyber has discovered and responsibly disclosed a vulnerability in ISC BIND, a widely used Domain Name System service that provides name resolution for Internet and local network environments. The issue is a DoS (denial-of-service) vulnerability that can cause the ISC BIND service to crash. The disclosure reflects a coordinated research effort aimed at strengthening critical infrastructure security.
“Two malformed DNS resource record types – HHIT (type 67) and BRID (type 68) – trigger an assertion in BIND’s ` dns_rdata_towire()` implementation when the RDATA length is less than three octets,” Marlink detailed in a blog post. “The assertion aborts the ` named` daemon, causing an immediate denial‑of‑service (DoS) condition. HHIT…