CVE-2014-8500

NameCVE-2014-8500
DescriptionISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-112-1, DSA-3094-1
Debian Bugs772610

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)buster, buster (security)1:9.11.5.P4+dfsg-5.1+deb10u7fixed
bullseye (security), bullseye1:9.16.27-1~deb11u1fixed
bookworm, sid1:9.18.4-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcesqueeze1:9.7.3.dfsg-1~squeeze13DLA-112-1
bind9sourcewheezy1:9.8.4.dfsg.P1-6+nmu2+deb7u3DSA-3094-1
bind9source(unstable)1:9.9.5.dfsg-7772610

Notes

https://kb.isc.org/article/AA-01216/0

Search for package or bug name: Reporting problems