Denial Of Service (DoS)

2020-08-3104:08:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

BIND 9 is vulnerable to denial of service (DoS). An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with “–enable-native-pkcs11” * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

CPENameOperatorVersion
bind:3.12eq9.14.12-r0
bindeq9.11.13__5.el8_2
bindeq9.11.20__3.el8
bindeq9.11.4__26.P2.el8
bindeq9.9.4__18.ael7b_1.4
bindeq9.9.4__72.el7.0.1
bindeq9.11.19__1.el8
bindeq9.11.4__16.P2.el8
bindeq9.9.4__74.el7_6.2
bindeq9.11.13__3.el8

Name	Operator	Version
bind:3.12	eq	9.14.12-r0
bind	eq	9.11.13__5.el8_2
bind	eq	9.11.20__3.el8
bind	eq	9.11.4__26.P2.el8
bind	eq	9.9.4__18.ael7b_1.4
bind	eq	9.9.4__72.el7.0.1
bind	eq	9.11.19__1.el8
bind	eq	9.11.4__16.P2.el8
bind	eq	9.9.4__74.el7_6.2
bind	eq	9.11.13__3.el8