Add release note for GL #3394

2025-08-31 14:35:26 +00:00 · 2022-09-08 11:11:30 +02:00
parent e802beedfc
commit 672072812c
1 changed files with 8 additions and 1 deletions
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,14 @@ Notes for BIND 9.19.5
 Security Fixes
 ~~~~~~~~~~~~~~

- None.
+- Previously, there was no limit to the number of database lookups
+  performed while processing large delegations, which could be abused to
+  severely impact the performance of :iscman:`named` running as a
+  recursive resolver. This has been fixed. (CVE-2022-2795)
+
+  ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat
+  Bremler-Barr & Shani Stajnrod from Reichman University for bringing
+  this vulnerability to our attention. :gl:`#3394`

 Known Issues
 ~~~~~~~~~~~~