AI Score: 7.8 High (Confidence: High)
CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
* Access Vector: NETWORK
* Access Complexity: LOW
* Authentication: NONE
* Confidentiality Impact: NONE
* Integrity Impact: NONE
* Availability Impact: PARTIAL
EPSS: 0.963 High (Percentile: 99.4%)
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. (CVE-2015-8000)
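
A version check against the two fixed releases named above, as an added example (not ISC or F5 code). The function names and sample strings are assumptions made for illustration, and the check treats the 9.10 branch separately because 9.10.0 sorts above 9.9.8-P2 while still being affected.

```python
import re

# Fixed releases named in the CVE-2015-8000 description on this page.
FIXED_9_10 = (9, 10, 3, 2)  # 9.10.3-P2
FIXED_9_X = (9, 9, 8, 2)    # 9.9.8-P2, applied to every other 9.x branch

# Accepts "9.9.8", "9.10.3rc1", "BIND 9.9.8-P1 (...)". A suffix it does not
# know (vendor rebuilds, other editions) yields no match, so such builds are
# reported as unknown instead of being guessed at.
_VERSION_RE = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?(?:-P(\d+))?(?![\w.-])"
)

def parse_bind_version(text):
    """Return (major, minor, patch, level) or None if unrecognised.

    level is the -P number, 0 for a plain release, and -1 for an
    alpha/beta/rc build, which precedes the plain release.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    if m.group(4):
        level = -1
    else:
        level = int(m.group(6)) if m.group(6) else 0
    return (major, minor, patch, level)

def is_affected(text):
    """True/False for the ranges stated on this page, None if unparseable."""
    v = parse_bind_version(text)
    if v is None:
        return None
    if v[0] != 9:
        return False  # outside the 9.x ranges the description covers
    fixed = FIXED_9_10 if v[1] == 10 else FIXED_9_X
    return v < fixed

if __name__ == "__main__":
    # Constructed sample strings, not output captured from a real host.
    for s in ["BIND 9.9.8-P1 (Extended Support Version)", "9.10.3-P2",
              "9.10.0", "9.9.8-S3"]:
        print(f"{s!r}: affected={is_affected(s)}")
```

A `None` result means the version string alone cannot settle the question and the build needs to be checked against the vendor's own advisory.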
Impact
An attacker may cause a denial of service (DoS) on a vulnerable BIND system by requesting a record that contains a malformed class attribute.
Although the BIG-IP, BIG-IQ, and Enterprise Manager software contains the vulnerable code, the BIG-IP, BIG-IQ, and Enterprise Manager systems do not use the vulnerable code in a way that exposes the vulnerability in the default configuration.
The BIG-IP system must meet both of the following conditions to be considered vulnerable:
For example:
* A virtual server with a DNS profile is configured with the **Use BIND Server on BIG-IP** option (this option is enabled by default for the DNS profile)
* A DNS/GTM pool uses the Return to DNS load balancing method, or has its **Alternate and Fallback** load balancing methods set to **None**, and all pools associated with the wide IP are unavailable.