PT-2014-1450 · Isc+1 · Isc Bind+1
Published
2014-06-13
·
Updated
2024-06-15
·
CVE-2014-3859
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
ISC BIND versions 9.10.0 through 9.10.0 before P2
Description
The issue exists due to incorrect handling of EDNS parameters in libdns, part of ISC BIND. This allows remote attackers to cause a denial of service by sending a specially crafted packet, leading to a REQUIRE assertion failure and the termination of the daemon.
Recommendations
For versions 9.10.0 through 9.10.0 before P2, update to a version that includes the fix for the EDNS option handling issue to prevent denial of service attacks.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bind Server
Isc Bind