CVE-2010-0213 — Infinite Loop in Bind

CWE-19 CWE-835 — Infinite Loop8 documents8 sources

Severity

2.6LOWNVD

EPSS

1.0%

top 23.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedJul 28

Latest updateMay 2

Description

BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶Debianisc/bind9< 9.7.1.dfsg.P2+3

▶NVDisc/bind9.7.1

🔴Vulnerability Details

GHSA

GHSA-2p9p-xfg3-2fr3: BIND 9↗2022-05-02

▶

OSV

CVE-2010-0213: BIND 9↗2010-07-28

▶

CVEList

CVE-2010-0213: BIND 9↗2010-07-27

▶

💥Exploits & PoCs

Exploit-DB

PoPToP - Negative Read Overflow (Metasploit)↗2010-11-23

▶

📋Vendor Advisories

Red Hat

BIND: DoS (infinite loop of RRSIGs queries to authoritative servers) via certain RRSIG query↗2010-07-15

▶

Debian

CVE-2010-0213: bind9 - BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor t...↗2010

▶

💬Community

Bugzilla

CVE-2010-0213 BIND: DoS (infinite loop of RRSIGs queries to authoritative servers) via certain RRSIG query↗2010-07-21

▶