Page 10 of 55 results (0.012 seconds)

CVSS: 7.8EPSS: 90%CPEs: 68EXPL: 0

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. libdns en ISC BIND v9.7.x y v9.8.x antes v9.8.4-P2, v9.8.5 antes de v9.8.5b2, v9.9.x antes de v9.9.2-P2, y v9.9.3 antes v9.9.3b2 en plataformas UNIX permite a atacantes remotos para causar una denegación de servicio (consumo de memoria) a través de una expresión regular manipulada, como lo demuestra un ataque memoria de agotamiento contra un equipo que ejecuta un proceso llamado. • http://linux.oracle.com/errata/ELSA-2014-1244 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101500.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101603.html http://marc.info/?l=bugtraq&m=136804614120794&w=2 http://rhn.redhat.com/errata/RHSA-2013-0689.html http://rhn.redhat.com/errata/RHSA-2013-0690.html http://support.apple.com/kb/HT5880 http://www.debia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 1%CPEs: 43EXPL: 0

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. ISC BIND v9.8.x hasta 9.8.4-P1 y v9.9.x hasta v9.9.2-P1, en ??ciertas configuraciones que implican DNS64 con una zona de política de respuesta que carece de una regla de reescritura AAAA, permite a atacantes remotos provocar una denegación de servicio (aserción fracaso y salida llamado demonio) a través de una consulta para un registro AAAA. • http://rhn.redhat.com/errata/RHSA-2013-0550.html http://www.isc.org/software/bind/advisories/cve-2012-5689 http://www.ubuntu.com/usn/USN-2693-1 https://kb.isc.org/article/AA-00855 https://access.redhat.com/security/cve/CVE-2012-5689 https://bugzilla.redhat.com/show_bug.cgi?id=903417 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 3%CPEs: 39EXPL: 0

ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. ISC BIND v9.8.x antes de v9.8.4-P1 y v9.9.x antes de v9.9.2-P1, cuando DNS64 está activado, permite a atacantes remotos provocar una denegación de servicio (error de aserción y salida del demonio) a través de una consulta manipulada. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://rhn.redhat.com/errata/RHSA-2012-1549.html http://support.apple.com/kb/HT5880 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004 http://www.ubuntu.com/usn/USN-1657-1 https://kb.isc.org/article/AA-00828 https://access.redhat.com/security/cve/CVE-2012-5688 https://bugzilla.redhat.com/show_bug.cgi?id=883533 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 8%CPEs: 278EXPL: 0

ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. ISC BIND v9.x antes de v9.7.6-P4, v9.8.x antes de v9.8.3-P4, v9.9.x antes de v9.9.1-P4, y v9.4-ESV y 9.6-ESV antes de v9.6-ESV-R7-P, permite a atacantes remotos provocar una denegación de servicio a través de combinaciones no especificadas de registros de recursos. • http://aix.software.ibm.com/aix/efixes/security/bind9_advisory5.asc http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090346.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090491.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090586.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce • CWE-189: Numeric Errors •

CVSS: 7.8EPSS: 29%CPEs: 278EXPL: 0

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. ISC BIND v9.x antes de v9.7.6-P3, v9.8.x antes de v9.8.3-P3, v9.9.x antes de v9.9.1-P3, y v9.4-ESV y v9.6-ESV antes de v9.6-ESV-R7-P3 permite provocar una denegación de servicio (error de aserción y salida de demonio) a atacantes remotos a través de una consulta para un registro de recursos demasiado largo. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087697.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087703.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088381.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00022.html http://lists.opensuse.org/opensuse-security& •