// For flags

CVE-2014-8500

bind: delegation handling denial of service

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

ISC BIND 9.0.x hasta 9.8.x, 9.9.0 hasta 9.9.6, y 9.10.0 hasta 9.10.1 no limita el encadenamiento de la delegación, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída del nombrado) a través de un número grande o infinito de referencias.

A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.

The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-28 CVE Reserved
  • 2014-12-09 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
References (29)
URL Tag Source
http://advisories.mageia.org/MGASA-2014-0524.html X_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676 X_refsource_confirm
http://secunia.com/advisories/62064 Third Party Advisory
http://secunia.com/advisories/62122 Third Party Advisory
http://securitytracker.com/id?1031311 Vdb Entry
http://www.kb.cert.org/vuls/id/264212 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html X_refsource_confirm
http://www.securityfocus.com/bid/71590 Vdb Entry
https://security.netapp.com/advisory/ntap-20190730-0002 X_refsource_confirm
https://support.apple.com/HT205219 X_refsource_confirm
URL Date SRC
URL Date SRC
http://ubuntu.com/usn/usn-2437-1 2017-01-03
URL Date SRC
http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html 2017-01-03
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc 2017-01-03
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html 2017-01-03
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html 2017-01-03
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html 2017-01-03
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html 2017-01-03
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html 2017-01-03
http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html 2017-01-03
http://marc.info/?l=bugtraq&m=142180687100892&w=2 2017-01-03
http://marc.info/?l=bugtraq&m=144000632319155&w=2 2017-01-03
http://rhn.redhat.com/errata/RHSA-2016-0078.html 2017-01-03
http://security.gentoo.org/glsa/glsa-201502-03.xml 2017-01-03
http://www.debian.org/security/2014/dsa-3094 2017-01-03
http://www.mandriva.com/security/advisories?name=MDVSA-2015:165 2017-01-03
https://kb.isc.org/article/AA-01216 2017-01-03
https://access.redhat.com/security/cve/CVE-2014-8500 2016-01-28
https://bugzilla.redhat.com/show_bug.cgi?id=1171912 2016-01-28
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.0
Search vendor "Isc" for product "Bind" and version "9.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.0.1
Search vendor "Isc" for product "Bind" and version "9.0.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.1
Search vendor "Isc" for product "Bind" and version "9.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.1.1
Search vendor "Isc" for product "Bind" and version "9.1.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.1.2
Search vendor "Isc" for product "Bind" and version "9.1.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.1.3
Search vendor "Isc" for product "Bind" and version "9.1.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2
Search vendor "Isc" for product "Bind" and version "9.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.0
Search vendor "Isc" for product "Bind" and version "9.2.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.1
Search vendor "Isc" for product "Bind" and version "9.2.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.2
Search vendor "Isc" for product "Bind" and version "9.2.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.3
Search vendor "Isc" for product "Bind" and version "9.2.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.4
Search vendor "Isc" for product "Bind" and version "9.2.4"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.5
Search vendor "Isc" for product "Bind" and version "9.2.5"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.6
Search vendor "Isc" for product "Bind" and version "9.2.6"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.7
Search vendor "Isc" for product "Bind" and version "9.2.7"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.8
Search vendor "Isc" for product "Bind" and version "9.2.8"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.2.9
Search vendor "Isc" for product "Bind" and version "9.2.9"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3
Search vendor "Isc" for product "Bind" and version "9.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.0
Search vendor "Isc" for product "Bind" and version "9.3.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.1
Search vendor "Isc" for product "Bind" and version "9.3.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.2
Search vendor "Isc" for product "Bind" and version "9.3.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.3
Search vendor "Isc" for product "Bind" and version "9.3.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.4
Search vendor "Isc" for product "Bind" and version "9.3.4"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.5
Search vendor "Isc" for product "Bind" and version "9.3.5"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.6
Search vendor "Isc" for product "Bind" and version "9.3.6"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.4
Search vendor "Isc" for product "Bind" and version "9.4"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.4.0
Search vendor "Isc" for product "Bind" and version "9.4.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.4.1
Search vendor "Isc" for product "Bind" and version "9.4.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.4.2
Search vendor "Isc" for product "Bind" and version "9.4.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.4.3
Search vendor "Isc" for product "Bind" and version "9.4.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.5
Search vendor "Isc" for product "Bind" and version "9.5"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.5.0
Search vendor "Isc" for product "Bind" and version "9.5.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.5.1
Search vendor "Isc" for product "Bind" and version "9.5.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.5.2
Search vendor "Isc" for product "Bind" and version "9.5.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.5.3
Search vendor "Isc" for product "Bind" and version "9.5.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.6.0
Search vendor "Isc" for product "Bind" and version "9.6.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.6.1
Search vendor "Isc" for product "Bind" and version "9.6.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.6.2
Search vendor "Isc" for product "Bind" and version "9.6.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.6.3
Search vendor "Isc" for product "Bind" and version "9.6.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.7.0
Search vendor "Isc" for product "Bind" and version "9.7.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.7.1
Search vendor "Isc" for product "Bind" and version "9.7.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.7.2
Search vendor "Isc" for product "Bind" and version "9.7.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.7.3
Search vendor "Isc" for product "Bind" and version "9.7.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.7.4
Search vendor "Isc" for product "Bind" and version "9.7.4"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.7.5
Search vendor "Isc" for product "Bind" and version "9.7.5"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.7.6
Search vendor "Isc" for product "Bind" and version "9.7.6"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.7.7
Search vendor "Isc" for product "Bind" and version "9.7.7"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.8.0
Search vendor "Isc" for product "Bind" and version "9.8.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.8.1
Search vendor "Isc" for product "Bind" and version "9.8.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.8.2
Search vendor "Isc" for product "Bind" and version "9.8.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.8.3
Search vendor "Isc" for product "Bind" and version "9.8.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.8.4
Search vendor "Isc" for product "Bind" and version "9.8.4"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.8.5
Search vendor "Isc" for product "Bind" and version "9.8.5"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.8.6
Search vendor "Isc" for product "Bind" and version "9.8.6"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.9.0
Search vendor "Isc" for product "Bind" and version "9.9.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.9.1
Search vendor "Isc" for product "Bind" and version "9.9.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.9.2
Search vendor "Isc" for product "Bind" and version "9.9.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.9.3
Search vendor "Isc" for product "Bind" and version "9.9.3"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.9.4
Search vendor "Isc" for product "Bind" and version "9.9.4"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.9.5
Search vendor "Isc" for product "Bind" and version "9.9.5"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.9.6
Search vendor "Isc" for product "Bind" and version "9.9.6"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.10.0
Search vendor "Isc" for product "Bind" and version "9.10.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.10.1
Search vendor "Isc" for product "Bind" and version "9.10.1"
-
Affected