F5 Networks: K14386 (CVE-2013-2266): BIND vulnerability CVE-2013-2266
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | March 28, 2013 | February 16, 2017 | October 13, 2017 |
Description
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
f5-big-ip-upgrade-latestRelated Vulnerabilities
- OS X update for Bind (CVE-2013-2266)
- OS X update for Apache (CVE-2013-2266)
- ELSA-2013-0689 Important: Oracle Linux bind security and bug fix update
- Gentoo Linux: CVE-2013-2266: BIND: Denial of Service
- Alpine Linux: CVE-2013-2266: Vulnerability in bind and dhcp allows remote denial of service
- HP-UX: CVE-2013-2266: Running BIND, Remote Denial of Service (DoS)
- ISC BIND: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named (CVE-2013-2266)
- ELSA-2013-0690 Important: Oracle Linux bind97 security update
- ELSA-2014-0043 Moderate: Oracle Linux bind security update
- ELSA-2014-1244 Moderate: Oracle Linux bind97 security and bug fix update