CVE-2007-0494 — Bind vulnerability

CWE-1913 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

41.5%

top 2.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedJan 25

Latest updateMay 3

Description

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.3.4-2+3

▶NVDisc/bind22 versions+21

Patches

Patch: secunia.com ↗Patch: www.isc.org ↗Patch: www.isc.org ↗

🔴Vulnerability Details

GHSA

GHSA-vhvp-gwh8-h6v7: ISC BIND 9↗2022-05-03

▶

CVEList

CVE-2007-0494: ISC BIND 9↗2007-01-25

▶

OSV

CVE-2007-0494: ISC BIND 9↗2007-01-25

▶

📋Vendor Advisories

BSD

FreeBSD-SA-07:02.bind: Multiple Denial of Service vulnerabilities in named(8)↗2007-02-09

▶

Ubuntu

Bind vulnerabilities↗2007-02-06

▶

Red Hat

BIND dnssec denial of service↗2007-01-25

▶

Debian

CVE-2007-0494: bind9 - ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0...↗2007

▶

💬Community

Bugzilla

CVE-2007-2022 kdebase3 flash-player interaction problem↗2007-06-10

▶

Bugzilla

CVE-2007-0494 BIND dnssec denial of service↗2007-01-30

▶

Bugzilla

CVE-2007-0494 BIND dnssec denial of service↗2007-01-29

▶

Bugzilla

CVE-2007-0494 BIND dnssec denial of service↗2007-01-29

▶

Bugzilla

CVE-2007-0494 BIND dnssec denial of service↗2007-01-29

▶