CVE-2010-3613 — Bind vulnerability

CWE-26410 documents8 sources

Severity

4.0MEDIUMNVD

EPSS

3.2%

top 12.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedDec 6

Latest updateMay 14

Description

named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.7.2.dfsg.P3-1+3

▶NVDisc/bind5 versions+4

🔴Vulnerability Details

GHSA

GHSA-7hh4-vqqp-5g89: named in ISC BIND 9↗2022-05-14

▶

OSV

CVE-2010-3613: named in ISC BIND 9↗2010-12-06

▶

CVEList

CVE-2010-3613: named in ISC BIND 9↗2010-12-03

▶

📋Vendor Advisories

Red Hat

bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named↗2010-12-01

▶

Ubuntu

Bind vulnerabilities↗2010-12-01

▶

Debian

CVE-2010-3613: bind9 - named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x be...↗2010

▶

💬Community

Bugzilla

CVE-2010-3613 bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named↗2010-12-01

▶

Bugzilla

CVE-2010-3615 CVE-2010-3613 CVE-2010-3614 bind various flaws [fedora-14]↗2010-12-01

▶

Bugzilla

CVE-2010-3613 CVE-2010-3614 bind various flaws [fedora-13]↗2010-12-01

▶