Severity
5.0 MEDIUM
EPSS
67.1%
top 1.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 16
Latest update: May 13

Description

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (5 packages)

Debian: bind9 < 1:9.9.5.dfsg-12.1 +3
NVD: isc/bind, 64 versions +63
NVD: oracle/linux 5.0, 6, 7 +2
NVD: oracle/solaris 10, 11.3 +1

Patches

🔴Vulnerability Details

3
GHSA
GHSA-6v2g-2pm7-w6q7: db (2022-05-13)
CVEList
CVE-2015-8000: db (2015-12-16)
OSV
CVE-2015-8000: db (2015-12-16)

📋Vendor Advisories

6
BSD
FreeBSD-SA-15:27.bind: BIND remote denial of service vulnerability (2015-12-16)
Red Hat
bind: responses with a malformed class attribute can trigger an assertion failure in db.c (2015-12-15)
Ubuntu
Bind vulnerability (2015-12-15)
Cisco
Cisco FirePOWER 7000 and Cisco FirePOWER 8000 Series Inspection Engine Stall Vulnerability (2015-09-25)
Cisco
Cisco TelePresence MSE 8000 Series Cross-Site Request Forgery Vulnerability (2015-07-09)

💬Community

4
Bugzilla
CVE-2015-8000 bind99: bind: responses with a malformed class attribute can trigger an assertion failure in db.c [fedora-all] (2015-12-15)
Bugzilla
CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c [fedora-all] (2015-12-15)
Bugzilla
CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c (2015-12-14)
Bugzilla
CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS (2015-04-09)