CVE-2015-8705Improper Input Validation in Bind

CWE-20Improper Input Validation7 documents6 sources
Severity
7.0HIGHNVD
EPSS
29.1%
top 3.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ISC Bind
Timeline
PublishedJan 20
Latest updateMay 14

Description

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 2.2 | Impact: 4.7

Affected Packages1 packages

NVDisc/bind35 versions+34

🔴Vulnerability Details

2
GHSA
GHSA-j4rq-g63g-h87j: buffer2022-05-14
CVEList
CVE-2015-8705: buffer2016-01-20

📋Vendor Advisories

2
Red Hat
bind: crash when converting OPT resource records and ECS options to text format2016-01-19
Debian
CVE-2015-8705: bind9 - buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is ena...2015

💬Community

2
Bugzilla
CVE-2015-8704 CVE-2015-8705 bind: various flaws [fedora-all]2016-01-19
Bugzilla
CVE-2015-8705 bind: crash when converting OPT resource records and ECS options to text format2016-01-18
CVE-2015-8705 — Improper Input Validation in ISC Bind | cvebase