Lucene search

[email protected]NVD:CVE-2014-8500

HistoryDec 11, 2014 - 2:59 a.m.

CVE-2014-8500

2014-12-1102:59:00

CWE-399

[email protected]

web.nvd.nist.gov

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.3 High

AI Score

Confidence

High

0.877 High

EPSS

Percentile

98.7%

JSON

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

Affected configurations

NVD

Node

iscbindMatch9.0

iscbindMatch9.0.1

iscbindMatch9.1

iscbindMatch9.1.1

iscbindMatch9.1.2

iscbindMatch9.1.3

iscbindMatch9.2

iscbindMatch9.2.0

iscbindMatch9.2.1

iscbindMatch9.2.2

iscbindMatch9.2.3

iscbindMatch9.2.4

iscbindMatch9.2.5

iscbindMatch9.2.6

iscbindMatch9.2.7

iscbindMatch9.2.8

iscbindMatch9.2.9

iscbindMatch9.3

iscbindMatch9.3.0

iscbindMatch9.3.1

iscbindMatch9.3.2

iscbindMatch9.3.3

iscbindMatch9.3.4

iscbindMatch9.3.5

iscbindMatch9.3.6

iscbindMatch9.4

iscbindMatch9.4.0

iscbindMatch9.4.1

iscbindMatch9.4.2

iscbindMatch9.4.3

iscbindMatch9.5

iscbindMatch9.5.0

iscbindMatch9.5.1

iscbindMatch9.5.2

iscbindMatch9.5.3

iscbindMatch9.6.0

iscbindMatch9.6.1

iscbindMatch9.6.2

iscbindMatch9.6.3

iscbindMatch9.7.0

iscbindMatch9.7.1

iscbindMatch9.7.2

iscbindMatch9.7.3

iscbindMatch9.7.4

iscbindMatch9.7.5

iscbindMatch9.7.6

iscbindMatch9.7.7

iscbindMatch9.8.0

iscbindMatch9.8.1

iscbindMatch9.8.2

iscbindMatch9.8.3

iscbindMatch9.8.4

iscbindMatch9.8.5

iscbindMatch9.8.6

iscbindMatch9.9.0

iscbindMatch9.9.1

iscbindMatch9.9.2

iscbindMatch9.9.3

iscbindMatch9.9.4

iscbindMatch9.9.5

iscbindMatch9.9.6

iscbindMatch9.10.0

iscbindMatch9.10.1

References

advisories.mageia.org/MGASA-2014-0524.html

cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc

kb.juniper.net/InfoCenter/index?page=content&id=JSA10676

lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html

lists.opensuse.org/opensuse-updates/2015-07/msg00038.html

marc.info/?l=bugtraq&m=142180687100892&w=2

marc.info/?l=bugtraq&m=144000632319155&w=2

rhn.redhat.com/errata/RHSA-2016-0078.html

secunia.com/advisories/62064

secunia.com/advisories/62122

security.gentoo.org/glsa/glsa-201502-03.xml

securitytracker.com/id?1031311

ubuntu.com/usn/usn-2437-1

www.debian.org/security/2014/dsa-3094

www.kb.cert.org/vuls/id/264212

www.mandriva.com/security/advisories?name=MDVSA-2015:165

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/71590

kb.isc.org/article/AA-01216/

security.netapp.com/advisory/ntap-20190730-0002/

support.apple.com/HT205219

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.3 High

AI Score

Confidence

High

0.877 High

EPSS

Percentile

98.7%

JSON

CVE-2014-8500

Affected configurations

References

Related