git.ipfire.org Git - thirdparty/bind9.git/commitdiff
[CVE-2026-3593] sec: usr: Fix use-after-free in DNS-over-HTTPS when processing HTTP...
author Aydın Mercan <aydin@isc.org>
Tue, 5 May 2026 12:27:06 +0000 (15:27 +0300)
committer Michał Kępień <michal@isc.org>
Thu, 7 May 2026 11:32:15 +0000 (13:32 +0200)
A use-after-free vulnerability in the DNS-over-HTTPS implementation
could cause named to crash when a client sends a flood of HTTP/2
SETTINGS frames while a DoH response is being written. This affects
servers with DoH (DNS-over-HTTPS) enabled.

ISC would like to thank Naresh Kandula Parmar (Nottiboy) for reporting this.

For: https://gitlab.isc.org/isc-projects/bind9/-/issues/5755

Merge branch '5755-heap-user-after-free-http2-settings' into 'security-main'

See merge request isc-private/bind9!949


Trivial merge