CVE-2013-3919 — Reachable Assertion in Bind

6 documents6 sources

Severity

7.8HIGHNVD

EPSS

10.3%

top 6.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind

Timeline

PublishedJun 6

Latest updateMay 14

Description

resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDisc/bind9.6, 9.8.5, 9.9.3+2

Patches

Patch: kb.isc.org ↗Patch: kb.isc.org ↗

🔴Vulnerability Details

GHSA

GHSA-34ff-v4jj-rwc7: resolver↗2022-05-14

▶

CVEList

CVE-2013-3919: resolver↗2013-06-06

▶

📋Vendor Advisories

Red Hat

bind: Querying a recursive resolver for a malformed zone causes named to crash↗2013-06-04

▶

Debian

CVE-2013-3919: bind9 - resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV...↗2013

▶

💬Community

Bugzilla

CVE-2013-3919 bind: Querying a recursive resolver for a malformed zone causes named to crash↗2013-06-05

▶