CVE-2011-4313

NameCVE-2011-4313
Descriptionquery.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2347-1
NVD severitymedium (attack range: remote)
Debian Bugs649099

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)wheezy1:9.8.4.dfsg.P1-6+nmu2+deb7u10fixed
wheezy (security)1:9.8.4.dfsg.P1-6+nmu2+deb7u18fixed
jessie1:9.9.5.dfsg-9+deb8u12fixed
jessie (security)1:9.9.5.dfsg-9+deb8u13fixed
stretch1:9.10.3.dfsg.P4-12.3+deb9u3fixed
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u2fixed
buster1:9.10.3.dfsg.P4-12.6fixed
sid1:9.10.6+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9source(unstable)1:9.8.1.dfsg.P1-1high649099
bind9sourcelenny1:9.6.ESV.R4+dfsg-0+lenny4mediumDSA-2347-1
bind9sourcesqueeze1:9.7.3.dfsg-1~squeeze4mediumDSA-2347-1

Search for package or bug name: Reporting problems