CVE-2013-2266

EPSS 41.45%
Published 28.03.2013 16:55:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Bind Version9.9.0

Isc ≫ Bind Version9.9.0 Updatea1

Isc ≫ Bind Version9.9.0 Updatea2

Isc ≫ Bind Version9.9.0 Updatea3

Isc ≫ Bind Version9.9.0 Updateb1

Isc ≫ Bind Version9.9.0 Updateb2

Isc ≫ Bind Version9.9.0 Updaterc1

Isc ≫ Bind Version9.9.0 Updaterc2

Isc ≫ Bind Version9.9.0 Updaterc3

Isc ≫ Bind Version9.9.0 Updaterc4

Isc ≫ Bind Version9.9.1

Isc ≫ Bind Version9.9.1 Updatep1

Isc ≫ Bind Version9.9.1 Updatep2

Isc ≫ Bind Version9.9.2

Isc ≫ Bind Version9.9.3

Isc ≫ Bind Version9.9.3 Updateb1

Isc ≫ Bind Version9.7.0

Isc ≫ Bind Version9.7.0 Updateb1

Isc ≫ Bind Version9.7.0 Updatep1

Isc ≫ Bind Version9.7.0 Updatep2

Isc ≫ Bind Version9.7.0 Updaterc1

Isc ≫ Bind Version9.7.0 Updaterc2

Isc ≫ Bind Version9.7.1

Isc ≫ Bind Version9.7.1 Updatep1

Isc ≫ Bind Version9.7.1 Updatep2

Isc ≫ Bind Version9.7.1 Updaterc1

Isc ≫ Bind Version9.7.2

Isc ≫ Bind Version9.7.2 Updatep1

Isc ≫ Bind Version9.7.2 Updatep2

Isc ≫ Bind Version9.7.2 Updatep3

Isc ≫ Bind Version9.7.2 Updaterc1

Isc ≫ Bind Version9.7.3

Isc ≫ Bind Version9.7.3 Updateb1

Isc ≫ Bind Version9.7.3 Updatep1

Isc ≫ Bind Version9.7.3 Updaterc1

Isc ≫ Bind Version9.7.4

Isc ≫ Bind Version9.7.4 Updateb1

Isc ≫ Bind Version9.7.4 Updatep1

Isc ≫ Bind Version9.7.4 Updaterc1

Isc ≫ Bind Version9.7.5

Isc ≫ Bind Version9.7.5 Updateb1

Isc ≫ Bind Version9.7.5 Updaterc1

Isc ≫ Bind Version9.7.5 Updaterc2

Isc ≫ Bind Version9.7.6

Isc ≫ Bind Version9.7.6 Updatep1

Isc ≫ Bind Version9.7.6 Updatep2

Isc ≫ Bind Version9.8.0

Isc ≫ Bind Version9.8.0 Updatea1

Isc ≫ Bind Version9.8.0 Updateb1

Isc ≫ Bind Version9.8.0 Updatep1

Isc ≫ Bind Version9.8.0 Updatep2

Isc ≫ Bind Version9.8.0 Updatep4

Isc ≫ Bind Version9.8.0 Updaterc1

Isc ≫ Bind Version9.8.1

Isc ≫ Bind Version9.8.1 Updateb1

Isc ≫ Bind Version9.8.1 Updateb2

Isc ≫ Bind Version9.8.1 Updateb3

Isc ≫ Bind Version9.8.1 Updatep1

Isc ≫ Bind Version9.8.1 Updaterc1

Isc ≫ Bind Version9.8.2 Updateb1

Isc ≫ Bind Version9.8.2 Updaterc1

Isc ≫ Bind Version9.8.2 Updaterc2

Isc ≫ Bind Version9.8.3

Isc ≫ Bind Version9.8.3 Updatep1

Isc ≫ Bind Version9.8.3 Updatep2

Isc ≫ Bind Version9.8.4

Isc ≫ Bind Version9.8.5

Isc ≫ Bind Version9.8.5 Updateb1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	41.45%	0.973

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://support.apple.com/kb/HT5880

http://linux.oracle.com/errata/ELSA-2014-1244

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101500.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101603.html

http://marc.info/?l=bugtraq&m=136804614120794&w=2

http://rhn.redhat.com/errata/RHSA-2013-0689.html

http://rhn.redhat.com/errata/RHSA-2013-0690.html

http://www.debian.org/security/2013/dsa-2656

http://www.isc.org/software/bind/advisories/cve-2013-2266

Vendor Advisory

http://www.securityfocus.com/bid/58736