An attacker controlling a DNSSEC-signed zone could trigger a memory leak
in the logic preparing DNSSEC proofs of non-existence, by creating more
than :any:`max-records-per-type` RRSIGs for NSEC records. These memory
leaks have been fixed.
ISC would like to thank Vitaly Simonovich for bringing this
vulnerability to our attention.
Closes isc-projects/bind9#5742
Merge branch '5742-fix-memory-leak-in-addnoqname-and-addclosest' into 'v9.21.20-release'
See merge request isc-private/bind9!913
projects / thirdparty / bind9.git / commitdiff
