CVE-2013-2266Improper Restriction of Operations within the Bounds of a Memory Buffer in Bind

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents9 sources
Severity
7.8HIGHNVD
EPSS
44.8%
top 2.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ISC Bind9ISC Bind
Timeline
PublishedMar 28
Latest updateMay 14

Description

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

Debianisc/bind9< 1:9.8.4.dfsg.P1-6+nmu1+3
NVDisc/bind17 versions+16

🔴Vulnerability Details

3
GHSA
GHSA-42v2-796f-qqmv: libdns in ISC BIND 92022-05-14
OSV
CVE-2013-2266: libdns in ISC BIND 92013-03-28
CVEList
CVE-2013-2266: libdns in ISC BIND 92013-03-28

📋Vendor Advisories

5
BSD
FreeBSD-SA-13:04.bind: BIND remote denial of service2013-04-02
Ubuntu
Bind vulnerability2013-03-29
Red Hat
bind: libdns regular expressions excessive resource consumption DoS2013-03-26
Red Hat
dhcp: bind/libdns CVE-2013-2266 regular expressions excessive resource consumption DoS2013-03-26
Debian
CVE-2013-2266: bind9 - libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x ...2013

💬Community

3
Bugzilla
CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS2013-03-26
Bugzilla
CVE-2013-2494 dhcp: bind/libdns CVE-2013-2266 regular expressions excessive resource consumption DoS2013-03-26
Bugzilla
CVE-2013-2266 bind: Memory exhaustion bug in libdns, leading to excessive memory consumption in named [fedora-all]2013-03-26
CVE-2013-2266 — ISC Bind vulnerability | cvebase