CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
iscbind
9.7.0
iscbind
9.7.0:b1
iscbind
9.7.0:p1
iscbind
9.7.0:p2
iscbind
9.7.0:rc1
iscbind
9.7.0:rc2
iscbind
9.7.1
iscbind
9.7.1:p1
iscbind
9.7.1:p2
iscbind
9.7.1:rc1
iscbind
9.7.2
iscbind
9.7.2:p1
iscbind
9.7.2:p2
iscbind
9.7.2:p3
iscbind
9.7.2:rc1
iscbind
9.7.3
iscbind
9.7.3:b1
iscbind
9.7.3:p1
iscbind
9.7.3:rc1
iscbind
9.7.4
iscbind
9.7.4:b1
iscbind
9.7.4:p1
iscbind
9.7.4:rc1
iscbind
9.7.5
iscbind
9.7.5:b1
iscbind
9.7.5:rc1
iscbind
9.7.5:rc2
iscbind
9.7.6
iscbind
9.7.6:p1
iscbind
9.7.6:p2
iscbind
9.7.7
susesuse_linux_enterprise_software_development_kit
11.0:sp2
susesuse_linux_enterprise_software_development_kit
11.0:sp3
iscdnsco_bind
9.9.3:s1
iscdnsco_bind
9.9.4:s1b1
opensuseopensuse
11.4
iscbind
9.9.0
iscbind
9.9.0:a1
iscbind
9.9.0:a2
iscbind
9.9.0:a3
iscbind
9.9.0:b1
iscbind
9.9.0:b2
iscbind
9.9.0:rc1
iscbind
9.9.0:rc2
iscbind
9.9.0:rc3
iscbind
9.9.0:rc4
iscbind
9.9.1
iscbind
9.9.1:p1
iscbind
9.9.1:p2
iscbind
9.9.2
iscbind
9.9.3
iscbind
9.9.3:b1
iscbind
9.9.3:b2
iscbind
9.9.3:p1
iscbind
9.9.3:rc1
iscbind
9.9.3:rc2
freebsdfreebsd
8.0
freebsdfreebsd
8.1
freebsdfreebsd
8.2
freebsdfreebsd
8.3
freebsdfreebsd
8.4
freebsdfreebsd
9.0
freebsdfreebsd
9.1
freebsdfreebsd
9.1:p4
freebsdfreebsd
9.1:p5
freebsdfreebsd
9.2:prerelease
freebsdfreebsd
9.2:rc1
freebsdfreebsd
9.2:rc2
mandrivabusiness_server
1.0
mandrivaenterprise_server
5.0
redhatenterprise_linux
6.0
iscbind
9.8.0
iscbind
9.8.0:a1
iscbind
9.8.0:b1
iscbind
9.8.0:p1
iscbind
9.8.0:p2
iscbind
9.8.0:p4
iscbind
9.8.0:rc1
iscbind
9.8.1
iscbind
9.8.1:b1
iscbind
9.8.1:b2
iscbind
9.8.1:b3
iscbind
9.8.1:p1
iscbind
9.8.1:rc1
iscbind
9.8.2:b1
iscbind
9.8.2:rc1
iscbind
9.8.2:rc2
iscbind
9.8.3
iscbind
9.8.3:p1
iscbind
9.8.3:p2
iscbind
9.8.4
iscbind
9.8.5
iscbind
9.8.5:b1
iscbind
9.8.5:b2
iscbind
9.8.5:p1
iscbind
9.8.5:rc1
iscbind
9.8.5:rc2
iscbind
9.8.6:b1
slackwareslackware_linux
12.1
slackwareslackware_linux
12.2
slackwareslackware_linux
13.0
slackwareslackware_linux
13.1
slackwareslackware_linux
13.37
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bind9
bullseye
1:9.16.50-1~deb11u2
fixed
bullseye (security)
1:9.16.50-1~deb11u1
fixed
bookworm
1:9.18.28-1~deb12u2
fixed
bookworm (security)
1:9.18.28-1~deb12u2
fixed
sid
1:9.20.2-1
fixed
trixie
1:9.20.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
raring
Fixed 1:9.9.2.dfsg.P1-2ubuntu2.1
released
quantal
Fixed 1:9.8.1.dfsg.P1-4.2ubuntu3.3
released
precise
Fixed 1:9.8.1.dfsg.P1-4ubuntu0.7
released
lucid
Fixed 1:9.7.0.dfsg.P1-1ubuntu0.10
released
References
http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://linux.oracle.com/errata/ELSA-2014-1244
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html
http://rhn.redhat.com/errata/RHSA-2013-1114.html
http://rhn.redhat.com/errata/RHSA-2013-1115.html
http://secunia.com/advisories/54134
http://secunia.com/advisories/54185
http://secunia.com/advisories/54207
http://secunia.com/advisories/54211
http://secunia.com/advisories/54323
http://secunia.com/advisories/54432
http://www.debian.org/security/2013/dsa-2728
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc
http://www.mandriva.com/security/advisories?name=MDVSA-2013:202
http://www.securityfocus.com/bid/61479
http://www.securitytracker.com/id/1028838
http://www.ubuntu.com/usn/USN-1910-1
http://www.zerodayinitiative.com/advisories/ZDI-13-210/
https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396
https://kb.isc.org/article/AA-01015
https://kb.isc.org/article/AA-01016
https://kc.mcafee.com/corporate/index?page=content&id=SB10052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561
https://support.apple.com/kb/HT6536
http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://linux.oracle.com/errata/ELSA-2014-1244
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html
http://rhn.redhat.com/errata/RHSA-2013-1114.html
http://rhn.redhat.com/errata/RHSA-2013-1115.html
http://secunia.com/advisories/54134
http://secunia.com/advisories/54185
http://secunia.com/advisories/54207
http://secunia.com/advisories/54211
http://secunia.com/advisories/54323
http://secunia.com/advisories/54432
http://www.debian.org/security/2013/dsa-2728
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc
http://www.mandriva.com/security/advisories?name=MDVSA-2013:202
http://www.securityfocus.com/bid/61479
http://www.securitytracker.com/id/1028838
http://www.ubuntu.com/usn/USN-1910-1
http://www.zerodayinitiative.com/advisories/ZDI-13-210/
https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396
https://kb.isc.org/article/AA-01015
https://kb.isc.org/article/AA-01016
https://kc.mcafee.com/corporate/index?page=content&id=SB10052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561
https://support.apple.com/kb/HT6536