CVE-2014-3859Improper Input Validation in Bind

CWE-20Improper Input Validation6 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
29.8%
top 3.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ISC Bind
Timeline
PublishedJun 13
Latest updateMay 17

Description

libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDisc/bind9.10.0

🔴Vulnerability Details

2
GHSA
GHSA-fhwv-x286-vrwh: libdns in ISC BIND 92022-05-17
CVEList
CVE-2014-3859: libdns in ISC BIND 92014-06-13

📋Vendor Advisories

2
Red Hat
bind: assertion failure during EDNS option processing2014-06-11
Debian
CVE-2014-3859: bind9 - libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which...2014

💬Community

1
Bugzilla
CVE-2014-3859 bind: assertion failure during EDNS option processing2014-06-12
CVE-2014-3859 — Improper Input Validation in ISC Bind | cvebase