CVE-2007-0493 — Use After Free in Bind

CWE-416 — Use After Free12 documents9 sources

Severity

7.8HIGHNVD

EPSS

13.8%

top 5.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedJan 25

Latest updateMay 1

Description

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.3.4-2+3

▶NVDisc/bind5 versions+4

Patches

Patch: www.isc.org ↗Patch: www.isc.org ↗Patch: www.isc.org ↗

🔴Vulnerability Details

GHSA

GHSA-p6fj-c7mp-96mv: Use-after-free vulnerability in ISC BIND 9↗2022-05-01

▶

CVEList

CVE-2007-0493: Use-after-free vulnerability in ISC BIND 9↗2007-01-25

▶

OSV

CVE-2007-0493: Use-after-free vulnerability in ISC BIND 9↗2007-01-25

▶

📋Vendor Advisories

BSD

FreeBSD-SA-07:02.bind: Multiple Denial of Service vulnerabilities in named(8)↗2007-02-09

▶

Ubuntu

Bind vulnerabilities↗2007-02-06

▶

Red Hat

bind use-after-free↗2007-01-25

▶

Debian

CVE-2007-0493: bind9 - Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a...↗2007

▶

💬Community

Bugzilla

CVE-2007-0493 BIND might crash after attempting to read free()-ed memory↗2007-04-27

▶

Bugzilla

CVE-2007-0493 bind use-after-free↗2007-02-25

▶

Bugzilla

CVE-2007-0493 BIND might crash after attempting to read free()-ed memory↗2007-01-25

▶

Bugzilla

CVE-2007-0493 BIND might crash after attempting to read free()-ed memory↗2007-01-25

▶