7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.943 High
EPSS
Percentile
99.2%
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
remote attackers to cause a denial of service (memory consumption) via a
crafted regular expression, as demonstrated by a memory-exhaustion attack
against a machine running a named process.
Author | Note |
---|---|
seth-arnold | No patch will be provided for 9.7. The suggested workaround is re-compile without regex support. |