
CVE-2013-2266

Published: 28/03/2013 Updated: 30/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 695
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

libdns in ISC BIND 9.7.x and 9.8.x prior to 9.8.4-P2, 9.8.5 prior to 9.8.5b2, 9.9.x prior to 9.9.2-P2, and 9.9.3 prior to 9.9.3b2 on UNIX platforms allows remote malicious users to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

Vulnerable Product

isc bind 9.9.0

isc bind 9.9.1

isc bind 9.9.2

isc bind 9.9.3

isc bind 9.7.0

isc bind 9.7.1

isc bind 9.7.4

isc bind 9.7.3

isc bind 9.7.2

isc bind 9.7.5

isc bind 9.7.6

isc bind 9.8.0

isc bind 9.8.1

isc bind 9.8.5

isc bind 9.8.3

isc bind 9.8.2

isc bind 9.8.4

Vendor Advisories

Debian Bug report logs - #704174: CVE-2013-2266. Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Wolfgang Walter <wolfgangwalter@stwmde>; Date: Thu, 28 Mar 2013 21:39:02 UTC; Severity: grave; Tags: security; Found in versions bind9/1:973dfsg-1, bind9/1:984 ...
Bind could be made to consume memory or crash if it received specially crafted network traffic ...
Synopsis: Important: bind97 security update. Type/Severity: Security Advisory: Important. Topic: Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability ...
Synopsis: Important: bind security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A C ...
Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. For the stable distribution (squeeze), this problem has ...
A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash (CVE-2013-2266) ...
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process ...

Github Repositories

patched dig-9.9.3 that supports edns-subnet

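The EDNS CLIENT SUBNET feature has been officially merged in Bind 910; do not use this repository!! Bind-993 --Reverier-patched. This repository contains a precompiled, patched bind-993. Usage: from this repository's directory, run /bin/dig/dig @<DNS Server> <Target Server Domain> +client=<Querier IP address>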
