CVE-2014-3214 — Improper Input Validation in Bind

CWE-20 — Improper Input Validation6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

11.3%

top 6.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind

Timeline

PublishedMay 9

Latest updateMay 17

Description

The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDisc/bind9.10.0

🔴Vulnerability Details

GHSA

GHSA-9rqc-hcfp-rmjx: The prefetch implementation in named in ISC BIND 9↗2022-05-17

▶

CVEList

CVE-2014-3214: The prefetch implementation in named in ISC BIND 9↗2014-05-09

▶

📋Vendor Advisories

Red Hat

bind: assertion failure when using prefetch↗2014-05-08

▶

Debian

CVE-2014-3214: bind9 - The prefetch implementation in named in ISC BIND 9.10.0, when a recursive namese...↗2014

▶

💬Community

Bugzilla

CVE-2014-3214 bind: assertion failure when using prefetch↗2014-05-09

▶