CVE-2014-0591 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Bind

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents9 sources

Severity

2.6LOWNVD

EPSS

51.5%

top 2.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedJan 14

Latest updateMay 14

Description

The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.9.5.dfsg-2+3

▶NVDisc/bind21 versions+20

🔴Vulnerability Details

GHSA

GHSA-c7r2-3x52-rjcm: The query_findclosestnsec3 function in query↗2022-05-14

▶

CVEList

CVE-2014-0591: The query_findclosestnsec3 function in query↗2014-01-14

▶

OSV

CVE-2014-0591: The query_findclosestnsec3 function in query↗2014-01-14

▶

📋Vendor Advisories

BSD

FreeBSD-SA-14:04.bind: BIND remote denial of service vulnerability↗2014-01-14

▶

Red Hat

bind: named crash when handling malformed NSEC3-signed zones↗2014-01-13

▶

Ubuntu

Bind vulnerability↗2014-01-13

▶

Debian

CVE-2014-0591: bind9 - The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, an...↗2014

▶

💬Community

Bugzilla

CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones [fedora-all]↗2014-01-13

▶

Bugzilla

CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones↗2014-01-11

▶