CVE-2011-4313

NameCVE-2011-4313
Descriptionquery.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2347-1
NVD severitymedium (attack range: remote)
Debian Bugs649099

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)jessie1:9.9.5.dfsg-9+deb8u15fixed
jessie (security)1:9.9.5.dfsg-9+deb8u16fixed
stretch (security), stretch1:9.10.3.dfsg.P4-12.3+deb9u4fixed
buster1:9.11.4+dfsg-4fixed
sid1:9.11.4.P2+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9source(unstable)1:9.8.1.dfsg.P1-1high649099
bind9sourcelenny1:9.6.ESV.R4+dfsg-0+lenny4mediumDSA-2347-1
bind9sourcesqueeze1:9.7.3.dfsg-1~squeeze4mediumDSA-2347-1

Search for package or bug name: Reporting problems