Buffer overflow in Isc Bind

CVE-2014-0591

The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failur…

Vulnerability class: Buffer Overflow

EPSS: 0.515 (97.9th percentile) — read the EPSS interpretation.

Affected products

Isc Bind — versions 9.6, 9.6.0, 9.6.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

1029589 (vdb-entry, x_refsource_SECTRACK)
RHSA-2014:0043 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
DSA-3023 (vendor-advisory, x_refsource_DEBIAN)
MDVSA-2014:002 (vendor-advisory, x_refsource_MANDRIVA)
APPLE-SA-2014-10-16-3 (vendor-advisory, x_refsource_APPLE)
56574 (x_refsource_SECUNIA, third-party-advisory)
openSUSE-SU-2014:0199 (vendor-advisory, x_refsource_SUSE)
56522 (x_refsource_SECUNIA, third-party-advisory)
FEDORA-2014-0858 (x_refsource_FEDORA, vendor-advisory)