CVE-2014-8500 — Uncontrolled Resource Consumption in Bind

CWE-399 CWE-400 — Uncontrolled Resource Consumption11 documents10 sources

Severity

7.8HIGHNVD

EPSS

48.2%

top 2.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedDec 11

Latest updateMay 17

Description

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.9.5.dfsg-7+3

▶NVDisc/bind63 versions+62

Patches

Patch: ubuntu.com ↗Patch: ubuntu.com ↗

🔴Vulnerability Details

GHSA

GHSA-qcv9-4m2r-585w: ISC BIND 9↗2022-05-17

▶

OSV

CVE-2014-8500: ISC BIND 9↗2014-12-11

▶

CVEList

CVE-2014-8500: ISC BIND 9↗2014-12-11

▶

📋Vendor Advisories

BSD

FreeBSD-SA-14:29.bind: BIND remote denial of service vulnerability↗2014-12-10

▶

Ubuntu

Bind vulnerability↗2014-12-09

▶

Red Hat

bind: delegation handling denial of service↗2014-12-08

▶

Debian

CVE-2014-8500: bind9 - ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 doe...↗2014

▶

Apple

CVE-2014-8500: OS X Server v5.0.3↗

▶

💬Community

Bugzilla

CVE-2014-8500 bind: delegation handling denial of service↗2014-12-08

▶

Bugzilla

CVE-2014-8500 bind: delegation handling denial of service [fedora-all]↗2014-12-08

▶