CVE-2011-4313

NameCVE-2011-4313
Descriptionquery.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2347-1
NVD severitymedium
Debian Bugs649099

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)jessie1:9.9.5.dfsg-9+deb8u15fixed
jessie (security)1:9.9.5.dfsg-9+deb8u18fixed
stretch1:9.10.3.dfsg.P4-12.3+deb9u5fixed
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u6fixed
buster1:9.11.5.P4+dfsg-5.1fixed
buster (security)1:9.11.5.P4+dfsg-5.1+deb10u1fixed
bullseye, sid1:9.16.2-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9source(unstable)1:9.8.1.dfsg.P1-1high649099
bind9sourcelenny1:9.6.ESV.R4+dfsg-0+lenny4DSA-2347-1
bind9sourcesqueeze1:9.7.3.dfsg-1~squeeze4DSA-2347-1

Search for package or bug name: Reporting problems