Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-5477: Missing Initialization of a Variable in Bind

Severity
7.8 HIGH (NVD)
OSV: 7.1
EPSS
92.8%
top 0.24%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Jul 29
Latest update: May 17

Description

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages (3 packages)

Debian: isc/bind9 < 1:9.9.5.dfsg-11+3
Ubuntu: isc/bind9 < 1:9.9.5.dfsg-3ubuntu0.4
NVD: isc/bind9.9.7+1

Patches

🔴 Vulnerability Details (5)

GHSA
GHSA-4622-vjcx-p39j: named in ISC BIND 9 (2022-05-17)
CVEList
CVE-2015-5477: named in ISC BIND 9 (2015-07-29)
OSV
CVE-2015-5477: named in ISC BIND 9 (2015-07-29)
OSV
bind9 vulnerabilities (2015-07-28)
VulnCheck
ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 TKEY Queries Denial of Service (2015)

💥 Exploits & PoCs (2)

Exploit-DB
ISC BIND 9 - TKEY Remote Denial of Service (PoC) (2015-08-05)
Exploit-DB
ISC BIND 9 - TKEY (PoC) (2015-08-01)

🔍 Detection Rules (4)

Suricata
ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M4 (2015-08-01)
Suricata
ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M1 (2015-08-01)
Suricata
ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M2 (2015-08-01)
Suricata
ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M3 (2015-08-01)

📋 Vendor Advisories (5)

BSD
FreeBSD-SA-15:17.bind: BIND remote denial of service vulnerability (2015-07-28)
Red Hat
bind: TKEY query handling flaw leading to denial of service (2015-07-28)
Ubuntu
Bind vulnerabilities (2015-07-28)
Debian
CVE-2015-5477: bind9 - named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote ... (2015)
Apple
CVE-2015-5477: OS X Server v4.1.5

💬 Community (6)

HackerOne
ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) (2017-06-08)
HackerOne
doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) (2017-06-01)
HackerOne
owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) (2015-09-16)
Bugzilla
CVE-2015-5477 bind99: bind: TKEY query handling flaw leading to denial of service [fedora-22] (2015-07-28)
Bugzilla
CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service [fedora-all] (2015-07-28)
CVE-2015-5477 — Missing Initialization of a Variable | cvebase