CVE-2011-4313

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
iscbind
9.0
iscbind
9.0.0:rc1
iscbind
9.0.0:rc2
iscbind
9.0.0:rc3
iscbind
9.0.0:rc4
iscbind
9.0.0:rc5
iscbind
9.0.0:rc6
iscbind
9.0.1
iscbind
9.0.1:rc1
iscbind
9.0.1:rc2
iscbind
9.1
iscbind
9.1.0:rc1
iscbind
9.1.1
iscbind
9.1.1:rc1
iscbind
9.1.1:rc2
iscbind
9.1.1:rc3
iscbind
9.1.1:rc4
iscbind
9.1.1:rc5
iscbind
9.1.1:rc6
iscbind
9.1.1:rc7
iscbind
9.1.2
iscbind
9.1.2:rc1
iscbind
9.1.3
iscbind
9.1.3:rc1
iscbind
9.1.3:rc2
iscbind
9.1.3:rc3
iscbind
9.2.0
iscbind
9.2.0:a1
iscbind
9.2.0:a2
iscbind
9.2.0:a3
iscbind
9.2.0:b1
iscbind
9.2.0:b2
iscbind
9.2.0:rc1
iscbind
9.2.0:rc10
iscbind
9.2.0:rc2
iscbind
9.2.0:rc3
iscbind
9.2.0:rc4
iscbind
9.2.0:rc5
iscbind
9.2.0:rc6
iscbind
9.2.0:rc7
iscbind
9.2.0:rc8
iscbind
9.2.0:rc9
iscbind
9.2.1
iscbind
9.2.1:rc1
iscbind
9.2.1:rc2
iscbind
9.2.2
iscbind
9.2.2:p2
iscbind
9.2.2:p3
iscbind
9.2.2:rc1
iscbind
9.2.3
iscbind
9.2.3:rc1
iscbind
9.2.3:rc2
iscbind
9.2.3:rc3
iscbind
9.2.3:rc4
iscbind
9.2.4
iscbind
9.2.4:rc2
iscbind
9.2.4:rc3
iscbind
9.2.4:rc4
iscbind
9.2.4:rc5
iscbind
9.2.4:rc6
iscbind
9.2.4:rc7
iscbind
9.2.4:rc8
iscbind
9.2.5
iscbind
9.2.5:b2
iscbind
9.2.5:rc1
iscbind
9.2.6
iscbind
9.2.6:rc1
iscbind
9.2.7
iscbind
9.2.7:rc1
iscbind
9.2.7:rc2
iscbind
9.2.7:rc3
iscbind
9.2.8
iscbind
9.2.9
iscbind
9.2.9:rc1
iscbind
9.3
iscbind
9.3.0
iscbind
9.3.0:b2
iscbind
9.3.0:b3
iscbind
9.3.0:b4
iscbind
9.3.0:rc1
iscbind
9.3.0:rc2
iscbind
9.3.0:rc3
iscbind
9.3.0:rc4
iscbind
9.3.1
iscbind
9.3.1:b2
iscbind
9.3.1:rc1
iscbind
9.3.2
iscbind
9.3.2:rc1
iscbind
9.3.3
iscbind
9.3.3:rc1
iscbind
9.3.3:rc2
iscbind
9.3.3:rc3
iscbind
9.3.4
iscbind
9.3.5
iscbind
9.3.5:rc1
iscbind
9.3.5:rc2
iscbind
9.3.6
iscbind
9.3.6:rc1
iscbind
9.4
iscbind
9.4.0
iscbind
9.4.0:a1
iscbind
9.4.0:a2
iscbind
9.4.0:a3
iscbind
9.4.0:a4
iscbind
9.4.0:a5
iscbind
9.4.0:a6
iscbind
9.4.0:b1
iscbind
9.4.0:b2
iscbind
9.4.0:b3
iscbind
9.4.0:b4
iscbind
9.4.0:rc1
iscbind
9.4.0:rc2
iscbind
9.4.1
iscbind
9.4.2
iscbind
9.4.2:rc1
iscbind
9.4.2:rc2
iscbind
9.4.3
iscbind
9.4.3:b1
iscbind
9.4.3:b2
iscbind
9.4.3:b3
iscbind
9.4.3:p2
iscbind
9.4.3:rc1
iscbind
9.5
iscbind
9.5.0
iscbind
9.5.0:a1
iscbind
9.5.0:a2
iscbind
9.5.0:a3
iscbind
9.5.0:a4
iscbind
9.5.0:a5
iscbind
9.5.0:a6
iscbind
9.5.0:a7
iscbind
9.5.0:b1
iscbind
9.5.0:b2
iscbind
9.5.0:b3
iscbind
9.5.0:p1
iscbind
9.5.0:p2
iscbind
9.5.0:p2_w1
iscbind
9.5.0:p2_w2
iscbind
9.5.0:rc1
iscbind
9.5.1
iscbind
9.5.1:b1
iscbind
9.5.1:b2
iscbind
9.5.1:b3
iscbind
9.5.1:rc1
iscbind
9.5.1:rc2
iscbind
9.5.2
iscbind
9.5.2:b1
iscbind
9.5.2:p1
iscbind
9.5.2:p2
iscbind
9.5.2:p3
iscbind
9.5.2:p4
iscbind
9.5.2:rc1
iscbind
9.5.3:b1
iscbind
9.5.3:rc1
iscbind
9.6.0
iscbind
9.6.0:a1
iscbind
9.6.0:b1
iscbind
9.6.0:p1
iscbind
9.6.0:rc1
iscbind
9.6.0:rc2
iscbind
9.6.1
iscbind
9.6.1:b1
iscbind
9.6.1:p1
iscbind
9.6.1:p2
iscbind
9.6.1:p3
iscbind
9.6.1:rc1
iscbind
9.6.2
iscbind
9.6.2:b1
iscbind
9.6.2:p1
iscbind
9.6.2:p2
iscbind
9.6.2:p3
iscbind
9.6.2:rc1
iscbind
9.6.3
iscbind
9.6.3:b1
iscbind
9.6.3:rc1
iscbind
9.7.0
iscbind
9.7.0:a1
iscbind
9.7.0:a2
iscbind
9.7.0:a3
iscbind
9.7.0:b1
iscbind
9.7.0:b2
iscbind
9.7.0:b3
iscbind
9.7.0:p1
iscbind
9.7.0:p2
iscbind
9.7.0:rc1
iscbind
9.7.0:rc2
iscbind
9.7.1
iscbind
9.7.1:b1
iscbind
9.7.1:p1
iscbind
9.7.1:p2
iscbind
9.7.1:rc1
iscbind
9.7.2
iscbind
9.7.2:p1
iscbind
9.7.2:p2
iscbind
9.7.2:p3
iscbind
9.7.2:rc1
iscbind
9.7.3
iscbind
9.7.3:b1
iscbind
9.7.3:p1
iscbind
9.7.3:rc1
iscbind
9.7.4
iscbind
9.7.4:b1
iscbind
9.7.4:rc1
iscbind
9.8.0
iscbind
9.8.0:a1
iscbind
9.8.0:b1
iscbind
9.8.0:p1
iscbind
9.8.0:p2
iscbind
9.8.0:p4
iscbind
9.8.0:rc1
iscbind
9.8.1
iscbind
9.8.1:b1
iscbind
9.8.1:b2
iscbind
9.8.1:b3
iscbind
9.8.1:rc1
iscbind
9.9.0:a1
iscbind
9.9.0:a2
iscbind
9.9.0:a3
iscbind
9.9.0:b1
iscbind
9.4
iscbind
9.4:b1
iscbind
9.4:r1
iscbind
9.4:r2
iscbind
9.4:r3
iscbind
9.4:r4
iscbind
9.4:r4-p1
iscbind
9.4:r5
iscbind
9.4:r5-b1
iscbind
9.4:r5-p1
iscbind
9.4:r5-rc1
iscbind
9.6
iscbind
9.6:r1
iscbind
9.6:r2
iscbind
9.6:r3
iscbind
9.6:r4
iscbind
9.6:r4_p1
iscbind
9.6:r5
iscbind
9.6:r5_b1
iscbind
9.6:r5_p1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bind9
bookworm
1:9.18.28-1~deb12u2
fixed
bookworm (security)
1:9.18.28-1~deb12u2
fixed
bullseye
1:9.16.50-1~deb11u2
fixed
bullseye (security)
1:9.16.50-1~deb11u1
fixed
sid
1:9.20.2-1
fixed
trixie
1:9.20.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
hardy
Fixed 1:9.4.2.dfsg.P2-2ubuntu0.9
released
lucid
Fixed 1:9.7.0.dfsg.P1-1ubuntu0.4
released
maverick
Fixed 1:9.7.1.dfsg.P2-2ubuntu0.5
released
natty
Fixed 1:9.7.3.dfsg-1ubuntu2.3
released
oneiric
Fixed 1:9.7.3.dfsg-1ubuntu4.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bind
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
bind-chrootenv
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
bind-devel
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
bind-doc
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
bind-utils
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
libbind9-160
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
libdns169
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
libirs-devel
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
libirs160
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
libisc166
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
libisc166-32bit
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
libisccc160
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
libisccfg160
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
liblwres160
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
python-bind
suse enterprise sap 12 SP5
9.11.2-3.10.1
fixed
suse enterprise server 12 SP5
9.11.2-3.10.1
fixed
python3-bind
suse enterprise desktop 15
9.11.2-10.4
fixed
suse enterprise desktop 15 SP1
9.11.2-12.8.1
fixed
suse enterprise sap 15
9.11.2-10.4
fixed
suse enterprise sap 15 SP1
9.11.2-12.8.1
fixed
suse enterprise server 15
9.11.2-10.4
fixed
suse enterprise server 15 SP1
9.11.2-12.8.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
bind
RHEL 6
32:9.7.3-2.el6_1.P3.3
fixed
bind-chroot
RHEL 6
32:9.7.3-2.el6_1.P3.3
fixed
bind-devel
RHEL 6
32:9.7.3-2.el6_1.P3.3
fixed
bind-libs
RHEL 6
32:9.7.3-2.el6_1.P3.3
fixed
bind-sdb
RHEL 6
32:9.7.3-2.el6_1.P3.3
fixed
bind-utils
RHEL 6
32:9.7.3-2.el6_1.P3.3
fixed
References
http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069463.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069970.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069975.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00029.html
http://marc.info/?l=bugtraq&m=132310123002302&w=2
http://marc.info/?l=bugtraq&m=133978480208466&w=2
http://marc.info/?l=bugtraq&m=141879471518471&w=2
http://osvdb.org/77159
http://secunia.com/advisories/46536
http://secunia.com/advisories/46829
http://secunia.com/advisories/46887
http://secunia.com/advisories/46890
http://secunia.com/advisories/46905
http://secunia.com/advisories/46906
http://secunia.com/advisories/46943
http://secunia.com/advisories/46984
http://secunia.com/advisories/47043
http://secunia.com/advisories/47075
http://secunia.com/advisories/48308
http://security.freebsd.org/advisories/FreeBSD-SA-11:06.bind.asc
http://support.apple.com/kb/HT5501
http://www-01.ibm.com/support/docview.wss?uid=isg1IV11106
http://www.debian.org/security/2011/dsa-2347
http://www.ibm.com/support/docview.wss?uid=isg1IV11248
http://www.isc.org/software/bind/advisories/cve-2011-4313
http://www.kb.cert.org/vuls/id/606539
http://www.mandriva.com/security/advisories?name=MDVSA-2011:176
http://www.redhat.com/support/errata/RHSA-2011-1458.html
http://www.redhat.com/support/errata/RHSA-2011-1459.html
http://www.redhat.com/support/errata/RHSA-2011-1496.html
http://www.securityfocus.com/bid/50690
http://www.securitytracker.com/id?1026335
http://www.ubuntu.com/usn/USN-1264-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71332
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14343
http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069463.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069970.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069975.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00029.html
http://marc.info/?l=bugtraq&m=132310123002302&w=2
http://marc.info/?l=bugtraq&m=133978480208466&w=2
http://marc.info/?l=bugtraq&m=141879471518471&w=2
http://osvdb.org/77159
http://secunia.com/advisories/46536
http://secunia.com/advisories/46829
http://secunia.com/advisories/46887
http://secunia.com/advisories/46890
http://secunia.com/advisories/46905
http://secunia.com/advisories/46906
http://secunia.com/advisories/46943
http://secunia.com/advisories/46984
http://secunia.com/advisories/47043
http://secunia.com/advisories/47075
http://secunia.com/advisories/48308
http://security.freebsd.org/advisories/FreeBSD-SA-11:06.bind.asc
http://support.apple.com/kb/HT5501
http://www-01.ibm.com/support/docview.wss?uid=isg1IV11106
http://www.debian.org/security/2011/dsa-2347
http://www.ibm.com/support/docview.wss?uid=isg1IV11248
http://www.isc.org/software/bind/advisories/cve-2011-4313
http://www.kb.cert.org/vuls/id/606539
http://www.mandriva.com/security/advisories?name=MDVSA-2011:176
http://www.redhat.com/support/errata/RHSA-2011-1458.html
http://www.redhat.com/support/errata/RHSA-2011-1459.html
http://www.redhat.com/support/errata/RHSA-2011-1496.html
http://www.securityfocus.com/bid/50690
http://www.securitytracker.com/id?1026335
http://www.ubuntu.com/usn/USN-1264-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71332
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14343