CVE-2011-0414 — Bind vulnerability

CWE-3998 documents8 sources

Severity

7.1HIGHNVD

EPSS

6.0%

top 9.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedFeb 23

Latest updateMay 14

Description

ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.7.3.dfsg-1+3

▶NVDisc/bind9.7.1, 9.7.2+1

🔴Vulnerability Details

GHSA

GHSA-x6p7-4923-38gh: ISC BIND 9↗2022-05-14

▶

OSV

CVE-2011-0414: ISC BIND 9↗2011-02-23

▶

CVEList

CVE-2011-0414: ISC BIND 9↗2011-02-23

▶

📋Vendor Advisories

Ubuntu

Bind vulnerability↗2011-02-23

▶

Red Hat

bind: named lockup with IXFR or DDNS update and a high query rate↗2011-02-22

▶

Debian

CVE-2011-0414: bind9 - ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, all...↗2011

▶

💬Community

Bugzilla

CVE-2011-0414 bind: named lockup with IXFR or DDNS update and a high query rate↗2011-02-22

▶