CVE-2014-8680Improper Input Validation in Bind

CWE-20Improper Input ValidationCWE-284Improper Access ControlCWE-617Reachable Assertion6 documents6 sources
Severity
5.4MEDIUMNVD
EPSS
2.3%
top 15.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ISC Bind
Timeline
PublishedDec 11
Latest updateMay 14

Description

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages1 packages

NVDisc/bind9.10.0, 9.10.1+1

🔴Vulnerability Details

2
GHSA
GHSA-29cv-f9xj-9653: The GeoIP functionality in ISC BIND 92022-05-14
CVEList
CVE-2014-8680: The GeoIP functionality in ISC BIND 92014-12-11

📋Vendor Advisories

2
Red Hat
bind: flaws in GeoIP leading to a denial of service2014-12-08
Debian
CVE-2014-8680: bind9 - The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attacker...2014

💬Community

1
Bugzilla
CVE-2014-8680 bind: flaws in GeoIP leading to a denial of service2014-12-09
CVE-2014-8680 — Improper Input Validation in ISC Bind | cvebase