Home/CVE/The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and
CVE

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

HIGH · CVSS 7.8 EPSS 0.51147
Act now
  • EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
  • EPSS percentile: top 2% of all CVEs by exploitation likelihood
  • CVSS base score ≥ 7.0
Sigma rules0 YARA rules0

Affected Products & Versions

6
isc bindall versions
suse linux enterprise software development kitall versions
novell suse linuxall versions
isc dnsco bindall versions
opensuseall versions
freebsdall versions

Scoring & Timeline

7.8
HIGH · CVSS v2 (legacy) · cve@mitre.org
View on NVD
This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.
v2 Vector
AV:N/AC:L/Au:N/C:N/I:N/A:C
Published to NVD29 Jul 2013 · 01:59 PM

Vendor Advisories

7
suse-csafopenSUSE-SU-2024:10467-1
suse-csafSUSE-SU-2015:0011-2
suse-csafSUSE-SU-2015:1205-1
usnUSN-1910-1
rhsaRHSA-2013:1115Important
🔗

References & Sources

29
Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.
http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://linux.oracle.com/errata/ELSA-2014-1244
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.htmlVendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.htmlVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.htmlVendor Advisory
Intelligence Graph · click any node to traverse
CVETechnique ActorTool Family
drag to reposition · click any node to traverse · button top-right enlarges
External lookups - second-class, for what we don’t hold ourselves
NVDCVE.orgCISAVulnersExploit-DBGitHub PoCVulnCheck KEVGreyNoise
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin