Published: 06/06/2013 Updated: 30/10/2018

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 695

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

resolver.c in ISC BIND 9.8.5 prior to 9.8.5-P1, 9.9.3 prior to 9.9.3-P1, and 9.6-ESV-R9 prior to 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote malicious users to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind 9.9.3
isc bind 9.6
isc bind 9.8.5

BIND 9 patched against remote crash vuln

The Register • Richard Chirgwin • 11 Jun 2013

Protection against DoS

Time to get patching, sys admins: ISC (the Internet Systems Consortium) has issued a fix for a BIND 9 denial of service vulnerability. The defect and patch, published last week, “allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c”, the ISC says in its announcement. CVE-2013-3919 says BIND 9.6-ESV-R9, 9.8.5 and 9.9.3 are affected by the bug. While older versions aren't affected, ISC notes that they're also unsupported and could be carrying other u...

CVE-2013-3919

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect