What is CVE-2014-8500?

CVE-2014-8500 is a vulnerability in Isc Bind, classified under CWE-399. Published 2014-12-11.

Is CVE-2014-8500 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Isc Bind

CVE-2014-8500

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number…

EPSS: 0.657 (99.2th percentile) — read the EPSS interpretation.

Affected products

Isc Bind — versions 9.0, 9.0.1, 9.1
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM)
HPSBUX03235 (x_refsource_HP, vendor-advisory)
GLSA-201502-03 (vendor-advisory, x_refsource_GENTOO)
62122 (x_refsource_SECUNIA, third-party-advisory)
NetBSD-SA2015-002 (vendor-advisory, x_refsource_NETBSD)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
MDVSA-2015:165 (vendor-advisory, x_refsource_MANDRIVA)
openSUSE-SU-2015:1250 (vendor-advisory, x_refsource_SUSE)
SUSE-SU-2015:0480 (vendor-advisory, x_refsource_SUSE)
62064 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2014-8500?: CVE-2014-8500 is a vulnerability in Isc Bind, classified under CWE-399. Published 2014-12-11.
Is CVE-2014-8500 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.