CVE-2015-4620
6.3 Medium
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.157 Low
EPSS
Percentile
95.9%
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
References
lists.fedoraproject.org/pipermail/package-announce/2015-July/162040.html
lists.fedoraproject.org/pipermail/package-announce/2015-July/162286.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
marc.info/?l=bugtraq&m=143740940810833&w=2
rhn.redhat.com/errata/RHSA-2015-1443.html
rhn.redhat.com/errata/RHSA-2015-1471.html
www.debian.org/security/2015/dsa-3304
www.securityfocus.com/bid/75588
www.securitytracker.com/id/1032799
www.ubuntu.com/usn/USN-2669-1
kb.isc.org/article/AA-01267
kb.isc.org/article/AA-01305
kb.isc.org/article/AA-01306
kb.isc.org/article/AA-01307
kb.isc.org/article/AA-01438
kb.juniper.net/JSA10783
kc.mcafee.com/corporate/index?page=content&id=SB10124
security.gentoo.org/glsa/201510-01
security.netapp.com/advisory/ntap-20190903-0003/
Social References
More
Related
6.3 Medium
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.157 Low
EPSS
Percentile
95.9%