Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-8705

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.

Published

2016-01-20T15:59:01.720

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.0 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:C

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE

Exploitability Score

4.9

Impact Score

8.5

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	isc	bind	9.0	Yes
Application	isc	bind	9.0.1	Yes
Application	isc	bind	9.1	Yes
Application	isc	bind	9.1.1	Yes
Application	isc	bind	9.1.2	Yes
Application	isc	bind	9.1.3	Yes
Application	isc	bind	9.2	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.1	Yes
Application	isc	bind	9.2.2	Yes
Application	isc	bind	9.2.2	Yes
Application	isc	bind	9.2.3	Yes
Application	isc	bind	9.2.4	Yes
Application	isc	bind	9.2.5	Yes
Application	isc	bind	9.2.6	Yes
Application	isc	bind	9.2.7	Yes
Application	isc	bind	9.3	Yes
Application	isc	bind	9.3.0	Yes
Application	isc	bind	9.3.1	Yes
Application	isc	bind	9.3.2	Yes
Application	isc	bind	9.3.3	Yes
Application	isc	bind	9.4	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.1	Yes
Application	isc	bind	9.4.2	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.5	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.1	Yes
Application	isc	bind	9.5.1	Yes
Application	isc	bind	9.5.1	Yes
Application	isc	bind	9.5.2	Yes
Application	isc	bind	9.5.2	Yes
Application	isc	bind	9.5.3	Yes
Application	isc	bind	9.5.3	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.9.8	Yes
Application	isc	bind	9.10.1	Yes
Application	isc	bind	9.10.1	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.3	Yes
Application	isc	bind	9.10.3	Yes
Application	isc	bind	9.10.3	Yes
Application	isc	bind	9.10.3	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html ([email protected])
http://www.securityfocus.com/bid/81314 ([email protected])
http://www.securitytracker.com/id/1034740 ([email protected])
https://kb.isc.org/article/AA-01336 Vendor Advisory ([email protected])
https://kb.isc.org/article/AA-01380 ([email protected])
https://security.gentoo.org/glsa/201610-07 ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/81314 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034740 (af854a3a-2127-422b-91ae-364da2661108)
https://kb.isc.org/article/AA-01336 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.isc.org/article/AA-01380 (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201610-07 (af854a3a-2127-422b-91ae-364da2661108)