CVE-2013-4854

NONE EPSS 98.2%
Published Jul 29, 2013 (12y ago) · Modified Jun 16, 2026 (2w ago)

Description

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Threat Intelligence

EPSS Exploit Probability: 98.2% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Affected Products 109

Vendor | Product | Version | Range
isc | bind | 9.7.0 | any
isc | bind | 9.7.0 | any
isc | bind | 9.7.0 | any
isc | bind | 9.7.0 | any
isc | bind | 9.7.0 | any
isc | bind | 9.7.0 | any
isc | bind | 9.7.1 | any
isc | bind | 9.7.1 | any
isc | bind | 9.7.1 | any
isc | bind | 9.7.1 | any
isc | bind | 9.7.2 | any
isc | bind | 9.7.2 | any
isc | bind | 9.7.2 | any
isc | bind | 9.7.2 | any
isc | bind | 9.7.2 | any
isc | bind | 9.7.3 | any
isc | bind | 9.7.3 | any
isc | bind | 9.7.3 | any
isc | bind | 9.7.3 | any
isc | bind | 9.7.4 | any
isc | bind | 9.7.4 | any
isc | bind | 9.7.4 | any
isc | bind | 9.7.4 | any
isc | bind | 9.7.5 | any
isc | bind | 9.7.5 | any
isc | bind | 9.7.5 | any
isc | bind | 9.7.5 | any
isc | bind | 9.7.6 | any
isc | bind | 9.7.6 | any
isc | bind | 9.7.6 | any
isc | bind | 9.7.7 | any
suse | suse_linux_enterprise_software_development_kit | 11.0 | any
suse | suse_linux_enterprise_software_development_kit | 11.0 | any
novell | suse_linux | 11 | any
novell | suse_linux | 11 | any
isc | dnsco_bind | 9.9.3 | any
isc | dnsco_bind | 9.9.4 | any
opensuse | opensuse | 11.4 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.0 | any
isc | bind | 9.9.1 | any
isc | bind | 9.9.1 | any
isc | bind | 9.9.1 | any
isc | bind | 9.9.2 | any
isc | bind | 9.9.3 | any
isc | bind | 9.9.3 | any
isc | bind | 9.9.3 | any
isc | bind | 9.9.3 | any
isc | bind | 9.9.3 | any
isc | bind | 9.9.3 | any
freebsd | freebsd | 8.0 | any
freebsd | freebsd | 8.1 | any
freebsd | freebsd | 8.2 | any
freebsd | freebsd | 8.3 | any
freebsd | freebsd | 8.4 | any
freebsd | freebsd | 9.0 | any
freebsd | freebsd | 9.1 | any
freebsd | freebsd | 9.1 | any
freebsd | freebsd | 9.1 | any
freebsd | freebsd | 9.2 | any
freebsd | freebsd | 9.2 | any
freebsd | freebsd | 9.2 | any
mandriva | business_server | 1.0 | any
mandriva | enterprise_server | 5.0 | any
redhat | enterprise_linux | 5 | any
redhat | enterprise_linux | 6.0 | any
isc | bind | 9.8.0 | any
isc | bind | 9.8.0 | any
isc | bind | 9.8.0 | any
isc | bind | 9.8.0 | any
isc | bind | 9.8.0 | any
isc | bind | 9.8.0 | any
isc | bind | 9.8.0 | any
isc | bind | 9.8.1 | any
isc | bind | 9.8.1 | any
isc | bind | 9.8.1 | any
isc | bind | 9.8.1 | any
isc | bind | 9.8.1 | any
isc | bind | 9.8.1 | any
isc | bind | 9.8.2 | any
isc | bind | 9.8.2 | any
isc | bind | 9.8.2 | any
isc | bind | 9.8.3 | any
isc | bind | 9.8.3 | any
isc | bind | 9.8.3 | any
isc | bind | 9.8.4 | any
isc | bind | 9.8.5 | any
isc | bind | 9.8.5 | any
isc | bind | 9.8.5 | any
isc | bind | 9.8.5 | any
isc | bind | 9.8.5 | any
isc | bind | 9.8.5 | any
isc | bind | 9.8.6 | any
fedoraproject | fedora | 18 | any
fedoraproject | fedora | 19 | any
hp | hp-ux | b.11.31 | any
slackware | slackware_linux | 12.1 | any
slackware | slackware_linux | 12.2 | any
slackware | slackware_linux | 13.0 | any
slackware | slackware_linux | 13.1 | any
slackware | slackware_linux | 13.37 | any

References 29

  • archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html
  • archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
  • linux.oracle.com http://linux.oracle.com/errata/ELSA-2014-1244
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html
    Vendor Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html
    Vendor Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html
    Vendor Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html
    Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1114.html
    Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1115.html
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/54134
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/54185
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/54207
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/54211
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/54323
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/54432
    Vendor Advisory
  • debian.org http://www.debian.org/security/2013/dsa-2728
  • freebsd.org http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc
    Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2013:202
    Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/61479
  • securitytracker.com http://www.securitytracker.com/id/1028838
  • ubuntu.com http://www.ubuntu.com/usn/USN-1910-1
  • zerodayinitiative.com http://www.zerodayinitiative.com/advisories/ZDI-13-210/
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
  • h20564.www2.hp.com https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396
    Vendor Advisory
  • kb.isc.org https://kb.isc.org/article/AA-01015
    Vendor Advisory
  • kb.isc.org https://kb.isc.org/article/AA-01016
    Vendor Advisory
  • kc.mcafee.com https://kc.mcafee.com/corporate/index?page=content&id=SB10052
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561
  • support.apple.com https://support.apple.com/kb/HT6536

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.