An attacker controlling a DNSSEC-signed zone could trigger a memory leak
in the logic preparing DNSSEC proofs of non-existence, by creating more
than :any:`max-records-per-type` RRSIGs for NSEC records. These memory
leaks have been fixed.
ISC would like to thank Vitaly Simonovich for bringing this
vulnerability to our attention.
Closes isc-projects/bind9#5742
Backport of !913
Merge branch '5742-fix-memory-leak-in-addnoqname-and-addclosest-9.20' into 'v9.20.21-release'
See merge request isc-private/bind9!914
projects / thirdparty / bind9.git / commitdiff
