CVE-2015-5722

CWE-20 — Improper Input Validation CWE-617 — Reachable Assertion12 documents10 sources

Severity

7.8HIGH

EPSS

65.9%

top 1.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind Apple MAC OS X Server

Timeline

PublishedSep 5

Latest updateMay 17

Description

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶Debianbind9< 1:9.9.5.dfsg-12+3

▶NVDisc/bind9.9.7+1

▶NVDapple/mac_os_x_server5.0.15

🔴Vulnerability Details

GHSA

GHSA-q4fr-6j5h-39h7: buffer↗2022-05-17

▶

OSV

CVE-2015-5722: buffer↗2015-09-05

▶

CVEList

CVE-2015-5722: buffer↗2015-09-05

▶

📋Vendor Advisories

BSD

FreeBSD-SA-15:23.bind: BIND remote denial of service vulnerability↗2015-09-02

▶

Red Hat

bind: malformed DNSSEC key failed assertion denial of service↗2015-09-02

▶

Ubuntu

Bind vulnerability↗2015-09-02

▶

Debian

CVE-2015-5722: bind9 - buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 al...↗2015

▶

Apple

CVE-2015-5722: OS X Server 5.0.15↗

▶

💬Community

Bugzilla

CVE-2015-5722 bind99: bind: malformed DNSSEC key failed assertion denial of service [fedora-22]↗2015-09-03

▶

Bugzilla

CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service [fedora-21]↗2015-09-03

▶

Bugzilla

CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service↗2015-09-01

▶