CVE-2014-8680

NameCVE-2014-8680
DescriptionThe GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)bullseye1:9.16.50-1~deb11u2fixed
bullseye (security)1:9.16.50-1~deb11u4fixed
bookworm1:9.18.33-1~deb12u2fixed
bookworm (security)1:9.18.41-1~deb12u1fixed
trixie1:9.20.11-4fixed
trixie (security)1:9.20.15-1~deb13u1fixed
forky, sid1:9.20.15-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9source(unstable)(not affected)

Notes

- bind9 <not-affected> (Only affects 9.10 to 9.11)
https://kb.isc.org/article/AA-01217/0
Search for package or bug name: Reporting problems