CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
98.5%
Versions of ISC BIND earlier than 9.10.1-P1 are unpatched for the following vulnerabilities:
Denial of service vulnerability that can be triggered when handling a maliciously constructed query or zone request, causing the service to issue unlimited queries in an attempt to follow a delegation (CVE-2014-8500)
Denial of service vulnerability in the pre-fetch feature that is triggered when the response to a specially crafted DNS query contains particular attributes. (CVE-2014-3214)
Denial of service vulnerability in EDNS option processing (CVE-2014-3859)
Denial of service in three unspecified flaws in the GeoIP feature (CVE-2014-8680)
Binary data 8569.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
kb.isc.org/article/AA-01161/
kb.isc.org/article/AA-01166/
kb.isc.org/article/AA-01216/
kb.isc.org/article/AA-01217/
kb.isc.org/article/AA-01223/81/BIND-9.10.1-P1-Release-Notes.html